You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Steve Lake <st...@raiden.net> on 2006/10/19 02:25:46 UTC

Turn off auto white list?

         Ok, I'm starting to get a bunch of spams coming through that are 
tagged as white listed, so all I can think of is that they somehow got into 
the auto white list.  First, how do I turn it off, and second how do I 
clear the list?  I know I did this once long ago, but that was like 2-3 
servers ago and gawd knows how many versions and iterations of SA.  lol.


Steven Lake
Owner/Technical Writer
Raiden's Realm
www.raiden.net
A friendly web community

Re: Turn off auto white list?

Posted by Matt Kettler <mk...@verizon.net>.

Steve Lake wrote:
>         Ok, I'm starting to get a bunch of spams coming through that
> are tagged as white listed, so all I can think of is that they somehow
> got into the auto white list.

Well, First, let's clear up what you mean by "tagged as whitelisted"..
the AWL just shows up as a rule called AWL. Nothing else.

If you're seeing USER_IN_WHITELIST, that's caused by a whitelist_from,
whitelist_from_rcvd, or whitelist_from_spf command.

99.9% of the time, this is caused by someone naively doing
"whitelist_from *@mydomain.com". All a spammer needs to do is forge a
From: header, or envelope MAIL FROM, and they're whitelisted. DO NOT do
this. If you must whitelist your domain, use whitelist_from_rcvd.

Also, while we are at it, you should know the AWL isn't a whitelist.
It's just named that because it describes one of it's effects. It's
really a history-tracking score averager. Don't worry too much about the
AWL unless it's directly causing your FPs or FNs.

Suggested reading:

http://wiki.apache.org/spamassassin/AwlWrongWay

>   First, how do I turn it off, 
Assuming SA 3.0.0 or higher, "use_auto_whitelist 0" in your local.cf
will do it.

For SA 3.1.0 you can go even further and comment out the loadplugin
statement for the AWL plugin in your v310.pre. This will cause the AWL
code to not even be loaded.
> and second how do I clear the list?  
You can just remove the DB.. it should be in ~/.spamassassin

You can also clear individual entries using spamassassin
--remove-addr-from-whitelist <address to remove>

You can dump the db file by feeding it to the check_whitelist script
that's in the tools subdirectory of the source tarball.
> I know I did this once long ago, but that was like 2-3 servers ago and
> gawd knows how many versions and iterations of SA.  lol.