Where on a system might you be able to read what is white listed ?...
One fast, sure-fire way is to grep all the configfiles:
grep whitelist /usr/share/spamassassin/*.cf
grep whitelist /etc/mail/spamassassin/*.cf
grep whitelist ~/.spamassassin/user_prefsNote, most systems use those exact paths, but your system might use different paths than /usr/share and /etc/mail (ie: /usr/local/share). Check the top of SA's debug output if in doubt. The first handful of lines should enumerate what paths it's using for site rules, etc.
spamassassin -D --lint.
