> On Jul 6, 2016, at 8:50 PM, Bill Cole > <sausers-20150...@billmail.scconsult.com> wrote: > > On 6 Jul 2016, at 21:13, Lorenzo Thurman wrote: > >> I’ve been receiving some spam where spamassassin identifies the sender with >> USER_IN_WHITELIST. These senders (or domains) are most definitely not in my >> whitelist. How can I get around this problem? > > There are so many relevant variables unspecified that no one here has any > hope of solving your problem. > > To make it easier for us, please provide more information: > > 1. How are you using SpamAssassin? Specifically, if you have it hooked into > an MTA like Postfix or Sendmail, tell us which one AND what mechanism you are > using to integrate SA and the MTA. > > 2. If your system involved the use of spamd, what are its arguments and what > user is it running as? > > 3. If you scan a message with this problem manually by piping it into > 'spamassassin -t -D' what does the resulting flood of debugging information > say about what address it is finding as being in the whitelist? >
Ah, ok. Here’s some info: spamassassin v3.4.0 - Postfix 2.11.0 Ubuntu 14.04 /usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir -d --pidfile=/var/run/spamd.pid In /etc/postfix/master.cf smtp inet n - - - - smtpd -vvv -o content_filter=spamassassin spamassassin unix - n n - - pipe flags=Rq user=nobody argv=/usr/bin/spamfilter.sh -oi -f ${sender} ${recipient} The output from spamassassin -t -D < In-whitelist.txt gives the answer, I believe: address hefg...@hkjhkjhk.onmicrosoft.com matches whitelist or blacklist regexp: ^.*microsoft\.com$ Very sneaky. I think I can handle this one from here. Thanks again.