Matt Kettler wrote: > Jack Gostl wrote: > >> I have an odd problem. I have a user receiving spam from something like >> [EMAIL PROTECTED] Since he does business with verybigcompany.com, >> he had them in his white list, and as expected, the spam slipped through. >> >> Based on the advice I got in this newsgroup, I changed him from a >> straight: >> >> whitelist_from [EMAIL PROTECTED] >> >> to >> >> whitelist_from_rcvd [EMAIL PROTECTED] verybigcompany.com >> >> I think I did that right. So now the odd thing is that spam from >> verybigcompany.com is coming through on my PERSONAL account even >> though its >> not in my whitelist. The headers show that this is a "user in whitelist" >> situation. It may be happening to others, I haven't checked, but its weird >> enough that its happening to me. >> >> Now if I haven't confused everyone, I'm open to ideas. >> > Have you checked *all* the "from like" headers to see if any of them > match your whitelist. (ie: return-path, envelope-sender, etc, etc, etc) > > Have you tried running the same message through spamassassin -D to see > which exact address SA matched against? > > >
One other thing to check.. if you use spamd you're probably subject to this bug: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4179