MATSUDA Yoh-ichi wrote: > Hello, spamassassiners. > > I have upgraded SA 3.1.0 im my Debian box, using my scamping patch. > > Yesterday, the spammer sent me a tricky spam. > The spammer wrote my mail address at "From:" field in the spam. > SA's AWL has been confused.
Are you sure? Did you actually verify that it got confused by this? If so, is your trusted_networks configured properly? SA's AWL needs trusted_networks to work properly, otherwise spoofing (such as this) can confuse it. > > I tried to re-register the spam and my 'true' ham. > But, both the spam and 'true' ham have same 'From:' field - my mail address. > So: > > - If I re-register the spam: > > | $ spamassassin --add-to-blacklist thespamfile > | SpamAssassin auto-whitelist: adding address to blacklist: [EMAIL PROTECTED] > | 1 message(s) examined. > > then, SA fails to detect my 'true' ham as 'spam'. > > - If I re-register my 'true' ham: > > | $ spamassassin -W mytruehamfile > | SpamAssassin auto-whitelist: adding address to whitelist: [EMAIL PROTECTED] > | 1 message(s) examined. > > then, SA fails to detect the spam as 'ham'. > > It seems there is no solution to the above problem, I think. > > <Questions> > 1. Is there any solution to the above problem using AWL? In general it looks like spamassassin -W and --add-to-blacklist are broken. This is probably because -W and --add-to-blacklist work on email-address only. However, message scanning uses a combination of From: and IP address. So I guess the real question is what's the problem that caused you to try to use these features in the first place? The spammer's forgery shouldn't count against your emails, since he'd be from a different IP address. If trusted_networks is set correctly, SA will see the difference. > > 2. If the solutions of 1. is nothing, I have to disable AWL function. > So, how to disable AWL in personal setting (~/.spamassassin/user_prefs) ? You can't. Enabling the AWL can affect mailserver disk usage and CPU usage, so it's best to not let users turn it on and off. > I couldn't find out AWL switch in SA's documents. > Is AWL function setting only systemwide /etc/spamassassin/v310.pre ? In SA 3.1.0 this is the only way I know of. Previous versions had a "use_auto_whitelist" config option, but it was privileged and would only be honored in site-wide configs (local.cf) and would be ignored in user_prefs anyway.
