----- Original Message -----
From: "Matt Kettler" <[EMAIL PROTECTED]>
To: "Jack Gostl" <[EMAIL PROTECTED]>
Cc: "spam" <users@spamassassin.apache.org>
Sent: Thursday, December 06, 2007 8:19 PM
Subject: Re: whitelist
Matt Kettler wrote:
Jack Gostl wrote:
I have an odd problem. I have a user receiving spam from something like
[EMAIL PROTECTED] Since he does business with
verybigcompany.com,
he had them in his white list, and as expected, the spam slipped
through.
Based on the advice I got in this newsgroup, I changed him from a
straight:
whitelist_from [EMAIL PROTECTED]
to
whitelist_from_rcvd [EMAIL PROTECTED] verybigcompany.com
I think I did that right. So now the odd thing is that spam from
verybigcompany.com is coming through on my PERSONAL account even
though its
not in my whitelist. The headers show that this is a "user in whitelist"
situation. It may be happening to others, I haven't checked, but its
weird
enough that its happening to me.
Now if I haven't confused everyone, I'm open to ideas.
Have you checked *all* the "from like" headers to see if any of them
match your whitelist. (ie: return-path, envelope-sender, etc, etc, etc)
Have you tried running the same message through spamassassin -D to see
which exact address SA matched against?
One other thing to check.. if you use spamd you're probably subject to
this bug:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4179
This looks close enough to worry. I'm not used to reading those bugzilla
reports. Is there a fix? Would I have to upgrade to the current release?
