Marc Perkel wrote:
Been getting false Positives on FORGED_DEF_WHITELIST rule on mail comibg from paypal.
Can you open a Bugzilla ticket and attach the headers from an example? (deleting private info is ok for this, and I don't need the body)
I wrote the rule recently and I can well believe that there is a bug that I missed.
The theory is that any address on the default whitelist is only sent from a mail server in its domain. If you read the doc I wrote on it you'll see that there is a way to specify that it is not the case for a specific whitelist entry, but I've never seen PayPal mail that doesn't get sent through a paypal.com mail server.
-- sidney
