You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Jack Gostl <go...@argoscomp.com> on 2007/12/06 15:19:13 UTC
whitelist
-----BEGIN PGP SIGNED MESSAGE-----
I have an odd problem. I have a user receiving spam from something like
abcde@verybigcompany.com. Since he does business with verybigcompany.com,
he had them in his white list, and as expected, the spam slipped through.
Based on the advice I got in this newsgroup, I changed him from a straight:
whitelist_from *@verybigcompany.com
to
whitelist_from_rcvd *@verybigcompany.com verybigcompany.com
I think I did that right. So now the odd thing is that spam from
verybigcompany.com is coming through on my PERSONAL account even though its
not in my whitelist. The headers show that this is a "user in whitelist"
situation. It may be happening to others, I haven't checked, but its weird
enough that its happening to me.
Now if I haven't confused everyone, I'm open to ideas.
I am on SpamAssassin version 3.1.8 running on Perl version 5.8.2 under AIX
5.3
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)
wpUDBQFHWATLFhDacYjJc7UBAW6QBACyE2GnQXEgSY/89kXWo2kk6OFE0IAg3CfS
K3mrslL5OxkWGhqAptLw5nE5J3plAR3a16r8XLk9YuMNLJJD/9q3Dk+SVpB1NVsk
1igoTTX0rlZMTKzIFiLLzitInXUXeg2Gwl7s57OCZtjdTl8vxmBkynno3nl3csjk
Xfp9aRKP2w==
=ub+v
-----END PGP SIGNATURE-----
Re: whitelist
Posted by Jack Gostl <go...@argoscomp.com>.
----- Original Message -----
From: "Daryl C. W. O'Shea" <sp...@dostech.ca>
To: "Matt Kettler" <mk...@verizon.net>
Cc: "Jack Gostl" <go...@argoscomp.com>; "spam"
<us...@spamassassin.apache.org>
Sent: Thursday, December 06, 2007 11:08 PM
Subject: Re: whitelist
> Matt Kettler wrote:
>> Matt Kettler wrote:
>>> Jack Gostl wrote:
>>>
>>>> I have an odd problem. I have a user receiving spam from something like
>>>> abcde@verybigcompany.com. Since he does business with
>>>> verybigcompany.com,
>>>> he had them in his white list, and as expected, the spam slipped
>>>> through.
>>>>
>>>> Based on the advice I got in this newsgroup, I changed him from a
>>>> straight:
>>>>
>>>> whitelist_from *@verybigcompany.com
>>>>
>>>> to
>>>>
>>>> whitelist_from_rcvd *@verybigcompany.com verybigcompany.com
>>>>
>>>> I think I did that right. So now the odd thing is that spam from
>>>> verybigcompany.com is coming through on my PERSONAL account even
>>>> though its
>>>> not in my whitelist. The headers show that this is a "user in
>>>> whitelist"
>>>> situation. It may be happening to others, I haven't checked, but its
>>>> weird
>>>> enough that its happening to me.
>>>>
>>>> Now if I haven't confused everyone, I'm open to ideas.
>>>>
>>> Have you checked *all* the "from like" headers to see if any of them
>>> match your whitelist. (ie: return-path, envelope-sender, etc, etc, etc)
>>>
>>> Have you tried running the same message through spamassassin -D to see
>>> which exact address SA matched against?
>>>
>>>
>>>
>>
>> One other thing to check.. if you use spamd you're probably subject to
>> this bug:
>>
>> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4179
>
> No, it's not that bug. That bug is about user rules getting compiled into
> methods at runtime and then not disposed off when the username gets
> changed.
>
> The whitelist (and blacklist) config structures are copied in and out of
> existance by copy_config fine AFAIK.
>
> Jack -- are you using spamd? Are usernames being passed along somehow
> (via spamc -u, some other client?)? How are user preferences stored?
Sorry for the delay in responding, I thought it was a closed issue.
Yes, I'm using spamd.
Here is the line from my .procmailrc file:
|/usr/local/bin/spamc
As you can see, no user specified. Each user has their own user_prefs in
$HOME/.spamassassin.
Re: whitelist
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Matt Kettler wrote:
> Matt Kettler wrote:
>> Jack Gostl wrote:
>>
>>> I have an odd problem. I have a user receiving spam from something like
>>> abcde@verybigcompany.com. Since he does business with verybigcompany.com,
>>> he had them in his white list, and as expected, the spam slipped through.
>>>
>>> Based on the advice I got in this newsgroup, I changed him from a
>>> straight:
>>>
>>> whitelist_from *@verybigcompany.com
>>>
>>> to
>>>
>>> whitelist_from_rcvd *@verybigcompany.com verybigcompany.com
>>>
>>> I think I did that right. So now the odd thing is that spam from
>>> verybigcompany.com is coming through on my PERSONAL account even
>>> though its
>>> not in my whitelist. The headers show that this is a "user in whitelist"
>>> situation. It may be happening to others, I haven't checked, but its weird
>>> enough that its happening to me.
>>>
>>> Now if I haven't confused everyone, I'm open to ideas.
>>>
>> Have you checked *all* the "from like" headers to see if any of them
>> match your whitelist. (ie: return-path, envelope-sender, etc, etc, etc)
>>
>> Have you tried running the same message through spamassassin -D to see
>> which exact address SA matched against?
>>
>>
>>
>
> One other thing to check.. if you use spamd you're probably subject to
> this bug:
>
> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4179
No, it's not that bug. That bug is about user rules getting compiled
into methods at runtime and then not disposed off when the username gets
changed.
The whitelist (and blacklist) config structures are copied in and out of
existance by copy_config fine AFAIK.
Jack -- are you using spamd? Are usernames being passed along somehow
(via spamc -u, some other client?)? How are user preferences stored?
Daryl
Re: whitelist
Posted by Matt Kettler <mk...@verizon.net>.
Jack Gostl wrote:
>
> ----- Original Message ----- From: "Matt Kettler"
> <mk...@verizon.net>
> To: "Jack Gostl" <go...@argoscomp.com>
> Cc: "spam" <us...@spamassassin.apache.org>
> Sent: Thursday, December 06, 2007 8:19 PM
> Subject: Re: whitelist
>
>
>> Matt Kettler wrote:
>>> Jack Gostl wrote:
>>>
>>>> I have an odd problem. I have a user receiving spam from something
>>>> like
>>>> abcde@verybigcompany.com. Since he does business with
>>>> verybigcompany.com,
>>>> he had them in his white list, and as expected, the spam slipped
>>>> through.
>>>>
>>>> Based on the advice I got in this newsgroup, I changed him from a
>>>> straight:
>>>>
>>>> whitelist_from *@verybigcompany.com
>>>>
>>>> to
>>>>
>>>> whitelist_from_rcvd *@verybigcompany.com verybigcompany.com
>>>>
>>>> I think I did that right. So now the odd thing is that spam from
>>>> verybigcompany.com is coming through on my PERSONAL account even
>>>> though its
>>>> not in my whitelist. The headers show that this is a "user in
>>>> whitelist"
>>>> situation. It may be happening to others, I haven't checked, but
>>>> its weird
>>>> enough that its happening to me.
>>>>
>>>> Now if I haven't confused everyone, I'm open to ideas.
>>>>
>>> Have you checked *all* the "from like" headers to see if any of them
>>> match your whitelist. (ie: return-path, envelope-sender, etc, etc, etc)
>>>
>>> Have you tried running the same message through spamassassin -D to see
>>> which exact address SA matched against?
>>>
>>>
>>>
>>
>> One other thing to check.. if you use spamd you're probably subject to
>> this bug:
>>
>> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4179
>
> This looks close enough to worry. I'm not used to reading those
> bugzilla reports. Is there a fix? Would I have to upgrade to the
> current release?
>
>
>
No, there's no published fix yet, but there's a patch targeted to go
into the next 3.2.x release if it gets enough votes from the PMC.
Re: whitelist
Posted by Jack Gostl <go...@argoscomp.com>.
----- Original Message -----
From: "Matt Kettler" <mk...@verizon.net>
To: "Jack Gostl" <go...@argoscomp.com>
Cc: "spam" <us...@spamassassin.apache.org>
Sent: Thursday, December 06, 2007 8:19 PM
Subject: Re: whitelist
> Matt Kettler wrote:
>> Jack Gostl wrote:
>>
>>> I have an odd problem. I have a user receiving spam from something like
>>> abcde@verybigcompany.com. Since he does business with
>>> verybigcompany.com,
>>> he had them in his white list, and as expected, the spam slipped
>>> through.
>>>
>>> Based on the advice I got in this newsgroup, I changed him from a
>>> straight:
>>>
>>> whitelist_from *@verybigcompany.com
>>>
>>> to
>>>
>>> whitelist_from_rcvd *@verybigcompany.com verybigcompany.com
>>>
>>> I think I did that right. So now the odd thing is that spam from
>>> verybigcompany.com is coming through on my PERSONAL account even
>>> though its
>>> not in my whitelist. The headers show that this is a "user in whitelist"
>>> situation. It may be happening to others, I haven't checked, but its
>>> weird
>>> enough that its happening to me.
>>>
>>> Now if I haven't confused everyone, I'm open to ideas.
>>>
>> Have you checked *all* the "from like" headers to see if any of them
>> match your whitelist. (ie: return-path, envelope-sender, etc, etc, etc)
>>
>> Have you tried running the same message through spamassassin -D to see
>> which exact address SA matched against?
>>
>>
>>
>
> One other thing to check.. if you use spamd you're probably subject to
> this bug:
>
> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4179
This looks close enough to worry. I'm not used to reading those bugzilla
reports. Is there a fix? Would I have to upgrade to the current release?
Re: whitelist
Posted by Matt Kettler <mk...@verizon.net>.
Matt Kettler wrote:
> Jack Gostl wrote:
>
>> I have an odd problem. I have a user receiving spam from something like
>> abcde@verybigcompany.com. Since he does business with verybigcompany.com,
>> he had them in his white list, and as expected, the spam slipped through.
>>
>> Based on the advice I got in this newsgroup, I changed him from a
>> straight:
>>
>> whitelist_from *@verybigcompany.com
>>
>> to
>>
>> whitelist_from_rcvd *@verybigcompany.com verybigcompany.com
>>
>> I think I did that right. So now the odd thing is that spam from
>> verybigcompany.com is coming through on my PERSONAL account even
>> though its
>> not in my whitelist. The headers show that this is a "user in whitelist"
>> situation. It may be happening to others, I haven't checked, but its weird
>> enough that its happening to me.
>>
>> Now if I haven't confused everyone, I'm open to ideas.
>>
> Have you checked *all* the "from like" headers to see if any of them
> match your whitelist. (ie: return-path, envelope-sender, etc, etc, etc)
>
> Have you tried running the same message through spamassassin -D to see
> which exact address SA matched against?
>
>
>
One other thing to check.. if you use spamd you're probably subject to
this bug:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4179
Re: whitelist
Posted by Matt Kettler <mk...@verizon.net>.
Jack Gostl wrote:
> I have an odd problem. I have a user receiving spam from something like
> abcde@verybigcompany.com. Since he does business with verybigcompany.com,
> he had them in his white list, and as expected, the spam slipped through.
>
> Based on the advice I got in this newsgroup, I changed him from a
> straight:
>
> whitelist_from *@verybigcompany.com
>
> to
>
> whitelist_from_rcvd *@verybigcompany.com verybigcompany.com
>
> I think I did that right. So now the odd thing is that spam from
> verybigcompany.com is coming through on my PERSONAL account even
> though its
> not in my whitelist. The headers show that this is a "user in whitelist"
> situation. It may be happening to others, I haven't checked, but its weird
> enough that its happening to me.
>
> Now if I haven't confused everyone, I'm open to ideas.
Have you checked *all* the "from like" headers to see if any of them
match your whitelist. (ie: return-path, envelope-sender, etc, etc, etc)
Have you tried running the same message through spamassassin -D to see
which exact address SA matched against?
>
>