Thanks for the response -- I can't 100% understand the docs, but AFAICT it seems to check the rcvd from last handover from an untrusted network. so am i right in thinking i have to add all of the servers for all the email forwarding services i use to my trusted network for this to work? or does whitelist_from_rcvd check the originating server where the mail came from?
in more detail: my problem is that i'm getting (not very much) spam from an email fowarding service i have (from an alumni network.) e.g. [EMAIL PROTECTED] forwards to [EMAIL PROTECTED] some spammer is sending email to [EMAIL PROTECTED], with a From: saying it's from [EMAIL PROTECTED] this is getting forwarded to [EMAIL PROTECTED] it is being received by the myemail.com mail servers from the college.edu mailservers, so checking the from matches the rcvd will pass, i think. i need to check that the from matches the rcvd farther down the line, e.g. the original message to [EMAIL PROTECTED] do i handle this by making the college.edu mailserver trusted? right now i'm blacklisting myself to combat this problem. not the most ideal solution. B On Thu, 26 Feb 2004, Dan DeVoe wrote: > Ben, > > You may want to try using the "whitelist_from_rcvd" function rather than > just bare "whitelist_from". I got confused on this issue myself, but 2.60 > added that new function specifically to stop this kind of abuse, Using > whitelist_from_rcvd will check the Received: headers as well as the From: > address. > > You can refer to the docs here: > > http://www.spamassassin.org/doc/Mail_SpamAssassin_Conf.html#whitelist%20and%20blacklist%20options > > for the exact syntax and functionality of whitelist_from_rcvd, which is > not identical to that of whitelist_from. > > If we had a FAQ, I would suggest this for one of the questions at this > point. =) > > -- > .''`. Daniel DeVoe <[EMAIL PROTECTED]> > : :' : http://www.netset.com/~ddevoe > `. `'` > `- Debian - when you have better things to do than fix a system > > On Wed, 25 Feb 2004, Ben wrote: > > > Date: Wed, 25 Feb 2004 00:03:58 -0500 (EST) > > From: Ben <[EMAIL PROTECTED]> > > To: Keith C. Ivey <[EMAIL PROTECTED]> > > Cc: [EMAIL PROTECTED] > > Subject: Re: abusing the whitelist > > > > thanks for the response and the advice. unfortunately it's a mail > > forwarding system that i'm part of that i'm trying to whitelist > > (alumni email forwarding) so the mail is not actually local. i guess > > i'll think about this more deeply. > > > > B > > > > On Tue, 24 Feb 2004, Keith C. Ivey wrote: > > > > > Ben <[EMAIL PROTECTED]> wrote: > > > > > > > the only reason why this got through was they put one of my email > > > > address in the From, in quotes. i'm no RFC822 or whatever expert, but > > > > that seems like it shouldn't get tagged by the USER_IN_WHITELIST test. > > > > > > Perhaps, but even if it didn't match addresses that weren't > > > really addresses, the spammer could just as well have put your > > > address in the "From:" line without quotes. In fact, I'd say > > > that's a lot more common than the quoted version you're > > > reporting. Whitelisting your own address, or any addresses at > > > your domain, is generally a bad idea, since you will end up > > > whitelisting a lot of spam. > > > > > > One alternative is to have mail that's actually from local > > > users not go through SpamAssassin at all. The details of how > > > to do that depend on your mail system. > > > > > > -- > > > Keith C. Ivey <[EMAIL PROTECTED]> > > > Washington, DC > > > > > > > > > > >
