Look in sa-mimedefang.cf. That is where the white list values are.
what is happening is someone is spamming you with the return address in your white list (mostly this happens to me as my email address)
It would be really cool (though I have not figured a way) to use my local ip address block to be a white list; therefor spammers would have to spoof my lan to get a +100 on the spam score.
Sorry for an SA question on a MD list but google didn't turn up anything.
I just got a piece of spam with a low SA score. It would have been high except for a USER_IN_DEF_WHITELIST entry in the list which I didn't recognise.
grepping through my disk yielded that test in /usr/local/share/spamassassin (this is freebsd) in 20_head_tests.cf which is:
header USER_IN_DEF_WHITELIST eval:check_from_in_default_whitelist() describe USER_IN_DEF_WHITELIST From: address is in the default white-list tflags USER_IN_DEF_WHITELIST userconf nice
Now, I found the check_from_in_default_whitelist function in EvalTests.pm (under perl/mail/spamassassin) but it's cryptic perl for my skill level and so that's a dead end.
Question. What is the "default" whitelist? Where and how is it set up? What mail header fields are matched to get it (looks like "from" if the description is correct but I couldn't tell from the function)? This email had a "from" that certainly wasn't anything I had explicity allowed and I don't use auto whitelisting.
Can anyone offer answers?
thanks!
-lee
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
_______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
