NFN Smith wrote:
> The problem that we do have is that when we list our domains via
> whitelist_from, then incoming mail with forged From: lines that shows
> one of those domains (typically, the same domain as the addressee) is
> given a free pass.
Please don't use whitelist_from. Ever. For anything.
To quote the manpage:
-----------------------
whitelist_from [EMAIL PROTECTED]
Used to specify addresses which send mail that is often tagged (incorrectly)
as spam; it also helps if they are addresses of big companies with lots of
lawyers. This way, if spammers impersonate them, they'll get into big trouble,
so it doesn't provide a shortcut around SpamAssassin. If you want to whitelist
your own domain, be aware that spammers will often impersonate the domain of the
recipient. The recommended solution is to instead use whitelist_from_rcvd as
explained below.
-----------------------
Do it right, and use whitelist_from_rcvd.
