Martin Gregorie wrote: > I've been reading threads saying that whitelist_from is spoofable and > that I should be using whitelist_from_rcvd instead, so I checked the > three whitelist entries I use to whitelist_from_rcvd. Here is an > example: > > whitelist_from_rcvd [EMAIL PROTECTED] > > However, I'm getting them rejected with the message: > > config: SpamAssassin failed to parse line, "[EMAIL PROTECTED]" is not valid > for "whitelist_from_rcvd", skipping: whitelist_from_rcvd [EMAIL PROTECTED] > > Two specify the sender as [EMAIL PROTECTED] format and the third is a full > name like [EMAIL PROTECTED] - these were acceptable as arguments for > whitelist_from. I can't find anything in the wiki or on the SA website > that shows the valid arguments for whitelist_from_rcvd, so what am I > doing wrong? > You need a second parameter to whitelist_from_rcvd. The second parameter is the hostname (or fragment thereof) that should be found in the Received: headers generated by the last internal host (ie: your mx). This part does assume that you have trusted_networks configured properly, or that the auto-guesser works for your network (it won't if your MX is NATed).
As for documentation, man Mail::SpamAssassin::Conf. Or the web copy of the same text for version 3.2.x: http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html#whitelist_and_blacklist_options