Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 30 Aug 2007 20:12:29 +1000
From:      John Marshall <John.Marshall@riverwillow.com.au>
To:        Stefan Lambrev <stefan.lambrev@moneybookers.com>
Cc:        "scheidell@secnap.net" <scheidell@secnap.net>, "freebsd-ports@freebsd.org" <freebsd-ports@freebsd.org>
Subject:   Re: p5-Mail-SpamAssassin-3.2.3 - manual whitelist_from broken
Message-ID:  <46D6980D.8050505@riverwillow.com.au>
In-Reply-To: <46D67CB6.1080100@moneybookers.com>
References:  <46D67CB6.1080100@moneybookers.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Stefan Lambrev wrote:
> Hello,
> 
> I noticed that after upgrading spamassassin to the latest (in ports) 
> version, manual whitelist is somehow broken.
> In previous version spamassassin detects without a problem forged "From" 
> headers and even with "whitelist_from *@domain.com"
> mails that are spam got caught.
> 
> With the latest version of spamassassins the following example will not 
> be detected as spam:
> 
>  >telnet mailserver-spamprotected.com 25
>  >helo somedomain.com
>  >mail from: spoof@somedomain.com
>  >rcpt to: validuser@mailserver-spamprotected.com
>  >data
> From: validuser@mailserver-spamprotected.com
> some spam xxx.
> .
>  >quit
> 
> In this case whitelist_from *@mailserver-spamprotected.com is triggered, 
> and I'm pretty sure that wasn't a case in older versions of spamassassin.
> 
> Any ideas what is changed, and how I can restored the old behavior.
> 

As far as I know, nothing has changed. What you are seeing is expected 
behaviour.

"whitelist_from" should only be used as a last resort because it blindly 
trusts the (alleged) envelope sender address. The documentation warns 
about this:
<http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html#whitelist_and_blacklist_options>;

Personally, I include the SPF plugin and use "whitelist_from_spf" 
entries wherever possible. Failing that (if sending domain doesn't 
publish SPF details) I use "whitelist_from_rcvd".

-- 
John Marshall

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46D6980D.8050505>