John Hardin wrote:

> On Tue, 19 Jun 2012, Benny Pedersen wrote:
> 
>> On 2012-06-19 22:39, Kevin A. McGrail wrote:
>>
>>>  I think that's the concept behind the whitelist_from_spf
>>
>> but some use whitelist_from, it's nothing new there :=)
>>
>> can user_in_whitelist be changed to not have -100 as default score,
>> or is whitelist_from planned for removal?
> 
> It's needed for when none of the other more-strict whitelist options
> will work, so we can't just get rid of it.
> 
> I'd suggest instead a lint warning if it is used, alerting the admin
> that it's discouraged and that it has problems like this and is very
> easy to spoof.

It's well documented. From the man page:

whitelist_from a...@ress.com
Used to whitelist sender addresses which send mail that is often tagged
(incorrectly) as spam.

Use of this setting is not recommended, since it blindly trusts the
message, which is routinely and easily forged by spammers and phish
senders. The recommended solution is to instead use "whitelist_auth" or
other authenticated whitelisting methods, or "whitelist_from_rcvd".



-- 
Per Jessen, Zürich (21.1°C)
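
The lint-style warning suggested in the thread, sketched as an added example (not part of the original messages and not SpamAssassin's own code): it scans configuration text for bare whitelist_from entries that are still in effect. The function names and the sample local.cf contents are constructed for illustration; unwhitelist_from is a standard SpamAssassin directive that does not appear in the thread.

```python
import re

# Constructed sample of a SpamAssassin local.cf; all addresses are placeholders.
SAMPLE_CF = """\
# site whitelist
whitelist_from  billing@example.com *@partner.example   # legacy entries
whitelist_from_rcvd  news@example.org  example.org
whitelist_auth  alerts@example.net
unwhitelist_from Billing@Example.com
  whitelist_from ceo@example.com
"""

def audit_whitelist_from(cf_text):
    """Return [(line_no, address, is_wildcard)] for every address still
    trusted by a bare whitelist_from once unwhitelist_from is applied."""
    active = {}  # lowercased address -> (line_no, address as written)
    for line_no, raw in enumerate(cf_text.splitlines(), start=1):
        # Simplification: everything after '#' is treated as a comment.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        directive, *args = line.split()
        # Exact match only, so whitelist_from_rcvd and whitelist_auth
        # (the authenticated variants) are never flagged.
        if directive == "whitelist_from":
            for addr in args:
                active.setdefault(addr.lower(), (line_no, addr))
        elif directive == "unwhitelist_from":
            # Removal matches the earlier entry case-insensitively.
            for addr in args:
                active.pop(addr.lower(), None)
    return sorted((n, a, bool(re.search(r"[*?]", a)))
                  for n, a in active.values())

def report(findings, path="local.cf"):
    """Format findings as lint-style warning lines."""
    return [f"{path}:{n}: whitelist_from {a} trusts a forgeable sender address"
            + (" (wildcard)" if wild else "")
            + "; consider whitelist_auth or whitelist_from_rcvd"
            for n, a, wild in findings]

if __name__ == "__main__":
    print("\n".join(report(audit_whitelist_from(SAMPLE_CF))))
```

Wildcard entries are marked separately because a pattern such as *@domain extends the unauthenticated trust to every address at that domain.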
