whitelist_from_dkim might be a better way to go: http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Plugin_D KIM.html
Cheers, Phil -- Phil Randal Networks Engineer Herefordshire Council Hereford, UK -----Original Message----- From: Skip [mailto:[EMAIL PROTECTED] Sent: 11 August 2008 14:15 To: SpamAssassin Users List Subject: more help on whitelist_from_rcvd I'm trying to make sure email from ebay is legit. I received an email from ebay today with the following headers: Received: from mxsmfpool02.ebay.com ([66.135.209.199] helo=mxsmfpool01.ebay.com) by box106.bluehost.com with esmtp (Exim 4.69) (envelope-from <[EMAIL PROTECTED]>) id 1KSISe-0003wZ-8P for [EMAIL PROTECTED]; Sun, 10 Aug 2008 15:28:24 -0600 Received: from sjc2bat11.sjc.ebay.com ([10.8.194.232]) by mxsmfpool01.ebay.com (8.13.5/8.13.5) with ESMTP id m7ALSNCM012713 for <[EMAIL PROTECTED]>; Sun, 10 Aug 2008 14:28:27 -0700 DomainKey-Signature: a=rsa-sha1; s=dksm28; d=ebay.com; c=nofws; q=dns; h=x-ebay-mailtracker:to:from:mime-version:content-type:subject:date: message-id:reply-to:x-ebay-mailversiontracker; b=oMkULX7sexFP8Davsg9eBquC6yrj7BytJZVtNZ8qQwuipOJUcwjSPZvcmQdYyx+zU 68Ot5VuDBGylST0mLRzsQ== X-eBay-MailTracker: 11020.567.0.0 To: [EMAIL PROTECTED] From: eBay <[EMAIL PROTECTED]> Mime-Version: 1.0 Content-Type: multipart/alternative; boundary=23401732.1218403700945.JavaMail.ebba.sjc2bat11 Subject: Check out the latest items from your favorite sellers on eBay Date: Sun, 10 Aug 08 14:28:20 GMT-0700 Message-ID: <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] X-eBay-MailVersionTracker: 567.6690890 X-user: ::::66.135.209.199:box106.bluehost.com:::::: And I figured the following SA rules would guarantee passage: whitelist_from_rcvd [EMAIL PROTECTED] sjc2bat11.sjc.ebay.com whitelist_from_rcvd [EMAIL PROTECTED] mxsmfpool02.ebay.com whitelist_from_rcvd [EMAIL PROTECTED] mxsmfpool01.ebay.com whitelist_from_rcvd [EMAIL PROTECTED] ebay.com whitelist_from_rcvd [EMAIL PROTECTED] emarsys.net trusted_networks 192.168/16 trusted_networks 69.89.22.106 trusted_networks 68.231.250/8 internal_networks 192.168/16 internal_networks 69.89.22.106 internal_networks 68.231.250/8 But alas, it does not work--I'm still not able to whitelist this message. I realize that with this route, I would have to whitelist every one of ebay's outgoing mail servers (right???), or is there a better way? In concept, this seems like a great way to ensure one does not get spoofed emails, but gosh, it sure is hard to set up the rules for it. Unless I'm missing something simple.... Skip -- Get my PGP Public key here: http://pelorus.org/[EMAIL PROTECTED]