Thanks for catching the missing paren. Fixing it didn't change the result, unfortunately.
Received: from 169.200.184.174 (EHLO sls-sn-smtp-pmail3.wachovia.com) (169.200.184.174) by mail.visioncomm.net with ESMTP (SMTPD32-8.15) id A1253F3B0064; Wed, 02 Jan 2008 03:53:57 -0500 I agree an SPF issue shouldn't affect a whitelist_from_rcvd check, that's just a wild guess on my part that there may be a bug. I don't know where else to look. What I'd really like is for someone else to confirm that the check fails on their installation before I open a bug report. Loren Wilton appears to have run my email with my user_prefs, but didn't provide the -D output. Dan -----Original Message----- From: Loren Wilton [mailto:[EMAIL PROTECTED] Sent: Saturday, January 05, 2008 9:47 AM To: users@spamassassin.apache.org Subject: Re: Whitelist_from_rcvd not working > [9060] dbg: Botnet: starting > [9060] dbg: Botnet: no trusted relays > [9060] dbg: Botnet: get_relay didn't find RDNS [9060] dbg: Botnet: IP > is '169.200.184.174' > [9060] dbg: Botnet: RDNS is 'sls-sn-smtp-pmail3.wachovia.com' > [9060] dbg: Botnet: HELO is 'sls-sn-smtp-pmail3.wachovia.com' > [9060] dbg: Botnet: sender > '[EMAIL PROTECTED]' > [9060] dbg: Botnet: miss (none) These are Botnet plugin messages, they have nothing to do with the normal whitelist_from_rcvd check. > [9060] dbg: spf: def_spf_whitelist_from: already checked spf and didn't > get > pass, skipping whitelist check > [9060] dbg: spf: whitelist_from_spf: already checked spf and didn't get > pass, skipping whitelist check This is whitelist_from_spf, not whitelist_from_rcvd, and what it concludes here shouldn't have an effect on anything else. > Original received header: > > Received: from sls-sn-smtp-pmail3.wachovia.com [169.200.184.174] by > mail.visioncomm.net with ESMTP > (SMTPD32-8.15) id A1253F3B0064; Wed, 02 Jan 2008 03:53:57 -0500 > > Hacked received header: > > Received: from 169.200.184.174 (EHLO sls-sn-smtp-pmail3.wachovia.com > (169.200.184.174) > by mail.visioncomm.net with ESMTP (SMTPD32-8.15) id A1253F3B0064; > Wed, 02 Jan 2008 03:53:57 -0500 It appears to me that there is a missing parend in the hacked header, and probably it should have been more like > Received: from 169.200.184.174 (EHLO sls-sn-smtp-pmail3.wachovia.com > [169.200.184.174]) > by mail.visioncomm.net with ESMTP (SMTPD32-8.15) id A1253F3B0064; > Wed, 02 Jan 2008 03:53:57 -0500 Moving on to other parts of the debug output that are maybe more interesting: [9060] dbg: metadata: X-Spam-Relays-Trusted: There are no trusted relays. [9060] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=169.200.184.174 rdns= helo=sls-sn-smtp-pmail3.wachovia.com by=mail.visioncomm.net ident= envfrom= intl=0 id= A1253F3B0064 auth= msa=0 ] [ ip=172.21.194.240 rdns=p9mpw011.csm.fub.com helo=p9mpw011 by=sls-sn-smtp-pmail3.wachovia.com ident= envfrom= intl=0 id=m028ruM17943 auth= msa=0 ] The first untrusted relay (169.200.184.174) has a HELO but doesn't have an RDNS. I'm not positive, but I think you need both to get whitelist_from_recvd to work. [9060] dbg: metadata: X-Spam-Relays-Internal: [9060] dbg: metadata: X-Spam-Relays-External: [ ip=169.200.184.174 rdns= helo=sls-sn-smtp-pmail3.wachovia.com by=mail.visioncomm.net ident= envfrom= intl=0 id=A 1253F3B0064 auth= msa=0 ] [ ip=172.21.194.240 rdns=p9mpw011.csm.fub.com helo=p9mpw011 by=sls-sn-smtp-pmail3.wachovia.com ident= envfrom= intl=0 id=m028ruM17943 auth= msa=0 ]