>Second, I understand now that whitelist_from just represent a large >score, and does not bypass the email itself.
It will if you enable SHORTCIRCUIT'ing of whitelist_from. However, it is not recommended to use whitelist_from. Use whitelist_from_rcvd, or whitelist_auth instead to prevent spoofed addresses from passing through SA without being scored. Also, never whitelist an address or domain that you filter for. Spam- mers commonly spoof the From: address to match the To: address just to try to hit bad whitelist entries like that. (Not saying you did but just a general rule of whitelisting.) >Thanks again >Bruno