On Tue, 19 Jun 2012, Flemming Jacobsen wrote:
I finally got around to enabling SPF checks in SA.
(v. 3.3.2, via spamd on FreeBSD)
It appears that even though SPF checks fail (i.e. SPF_FAIL),
USER_IN_WHITELIST still adds -100 points to the score.
Since the sender probably is spoofed, should USER_IN_WHITELIST
not be ignored/neutral (not sure of the terminology here)?
Which whitelist is the problematic user in? whitelist_from is a naive
check of the from address and is trivially easy to spoof.
You should review your whitelists and, now that you have SPF working, move
senders that are in authenticated domains from whitelist_from to
whitelist_auth so that you take advantage of SPF (and DKIM, if you have
that working as well).
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Usually Microsoft doesn't develop products, we buy products.
-- Arno Edelmann, Microsoft product manager
-----------------------------------------------------------------------
15 days until the 236th anniversary of the Declaration of Independence
