On 03/12/2015 07:23 PM, Rick Hantz (TirNanOg) wrote:
whitelist_from alfranken.com
bad syntax
http://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.txt
unwhitelist_from u...@example.com
Used to override a default whitelist_from entry, so for example a
distribution whitelist_from can be overridden in a local.cf
file, or
an individual user can override a whitelist_from entry in their own
"user_prefs" file. The specified email address has to match exactly
(although case-insensitively) the address previously used in a
whitelist_from line, which implies that a wildcard only matches
literally the same wildcard (not 'any' address).
e.g.
unwhitelist_from j...@example.com f...@example.com
unwhitelist_from *@example.com
whitelist_from_rcvd a...@lists.sourceforge.net sourceforge.net
Works similarly to whitelist_from, except that in addition to
matching a sender address, a relay's rDNS name or its IP address
must match too for the whitelisting rule to fire. The first
parameter is a sender's e-mail address to whitelist, and the second
is a string to match the relay's rDNS, or its IP address. Matching
is case-insensitive.
This second parameter is matched against the TCP-info information
field as provided in a FROM clause of a trace information (i.e. the
Received header field, see RFC 5321). Only the Received header
fields inserted by trusted hosts are considered. This parameter can
either be a full hostname, or the domain component of that
hostname,
or an IP address in square brackets. The reverse DNS lookup is done
by a MTA, not by SpamAssassin.
In case of an IPv4 address in brackets, it may be truncated on
classful boundaries to cover whole subnets, e.g. "[10.1.2.3]",
"[10.1.2]", "[10.1]", "[10]". CIDR notation is currently not
supported, nor is IPv6. The matching on IP address is mainly
provided to cover rare cases where whitelisting of a sending MTA is
desired which does not have a correct reverse DNS configured.
In other words, if the host that connected to your MX had an IP
address 192.0.2.123 that mapped to 'sendinghost.example.org', you
should specify "sendinghost.example.org", or "example.org", or
"[192.0.2.123]" or "[192.0.2]" here.
Note that this requires that "internal_networks" be correct. For
simple cases, it will be, but for a complex network you may get
better results by setting that parameter.
It also requires that your mail exchangers be configured to perform
DNS reverse lookups on the connecting host's IP address, and to
record the result in the generated Received header field according
to RFC 5321.
e.g.
whitelist_from_rcvd j...@example.com example.com
whitelist_from_rcvd *@axkit.org sergeant.org
whitelist_from_rcvd *@axkit.org [192.0.2.123]