> romanovsky wrote: > >OS: Debian Sarge > >SpamAssassin: 3.0.3-2 > >Problem description: > >[EMAIL PROTECTED] sends a ham message to himself (i.e. From:==To:[EMAIL > >PROTECTED]). > >Autowhiltelisting mechanism adds [EMAIL PROTECTED] to the whiltelist. > >A spammer sends spam to [EMAIL PROTECTED] from forged address [EMAIL > >PROTECTED] > >Spam gets through with USER_IN_WHITELIST rule. > >The question is: how to disable autowhiltelisting in case of From:==To:?
On 13.03.08 09:18, Matt Kettler wrote: > USER_IN_WHITELIST has nothing to do with the autowhitelist. The > autowhitelist will show up as a rule named AWL. > > USER_IN_WHITELIST means the message matched a whitelist_from, > whitelist_from_rcvd, or whitelist_from_spf statement in your configfiles. > > Odds are, there's a well meaning, but woefully mistaken "whitelist_from > [EMAIL PROTECTED]" in the config somewhere.. whitelisting own domain is an obvious mistake and causes many falze negatives - spammers found out this issue long ago and are forging from addresses to be from the same domain (or even user) as the recipient. someone should make an FAQ entry in wiki for whitelisting... -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I feel like I'm diagonally parked in a parallel universe.
