Hello Andy, Wednesday, July 27, 2005, 7:13:01 AM, you wrote:
AJ> Didn't know there was a SARE whitelist. Discussed on this list a few months back, while experimenting with it on my own system. Then announced it here when published, but otherwise it's been quiet. Worth mentioning from time to time... AJ> Here'sanother Fidelity E-Mail address we whitelist: AJ> [EMAIL PROTECTED] Thanks, but I need more than just the email address. It's much, much too easy for spammers to forge/fake an email address in their From header. We use the whitelist_from_rcvd directive instead, > whitelist_from_rcvd EmailAddress ServerDomain SpamAssassin identifies which Received headers are trusted (belong to your system, or otherwise are trusted to pass you accurate information about the upstream/sending server). It compares the sending server in the last of these against the ServerDomain parameter. Only if both the email address pattern and the server domain match is the email whitelisted. Even if the spammer fakes the email address, and generates a bogus Received header with the server domain, that received header will not be trusted (it wasn't generated by your system), and therefore the email won't be whitelisted in error. If you can send me a copy of the email, or at least its full headers (no need for any of the confidential information that might be in the body), I can identify the correct server domain to include in the directive. Bob Menschel