You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by jdow <jd...@earthlink.net> on 2005/07/27 00:03:23 UTC
SARE Whitelist candidate
whitelist_from_rcvd *@fidelity2.m0.net fidelity2.m0.net
Fidelity Investment's Newsletters
{^_^}
Re: SARE Whitelist candidate
Posted by Robert Menschel <Ro...@Menschel.net>.
Hello jdow,
Tuesday, July 26, 2005, 3:03:23 PM, you wrote:
j> whitelist_from_rcvd *@fidelity2.m0.net fidelity2.m0.net
j> Fidelity Investment's Newsletters
Got it. Thanks. Will validate, and then publish shortly.
Bob Menschel
Re[2]: SARE Whitelist candidate
Posted by Robert Menschel <Ro...@Menschel.net>.
Hello Andy,
Wednesday, July 27, 2005, 7:13:01 AM, you wrote:
AJ> Didn't know there was a SARE whitelist.
Discussed on this list a few months back, while experimenting with it
on my own system. Then announced it here when published, but otherwise
it's been quiet. Worth mentioning from time to time...
AJ> Here'sanother Fidelity E-Mail address we whitelist:
AJ> fidelityinvestments@fulfillmentconcepts.com
Thanks, but I need more than just the email address. It's much, much
too easy for spammers to forge/fake an email address in their From
header.
We use the whitelist_from_rcvd directive instead,
> whitelist_from_rcvd EmailAddress ServerDomain
SpamAssassin identifies which Received headers are trusted (belong to
your system, or otherwise are trusted to pass you accurate information
about the upstream/sending server). It compares the sending server in
the last of these against the ServerDomain parameter.
Only if both the email address pattern and the server domain match is
the email whitelisted.
Even if the spammer fakes the email address, and generates a bogus
Received header with the server domain, that received header will not
be trusted (it wasn't generated by your system), and therefore the
email won't be whitelisted in error.
If you can send me a copy of the email, or at least its full headers
(no need for any of the confidential information that might be in the
body), I can identify the correct server domain to include in the
directive.
Bob Menschel
Re: SARE Whitelist candidate
Posted by Andy Jezierski <aj...@stepan.com>.
"jdow" <jd...@earthlink.net> wrote on 07/26/2005 05:03:23 PM:
> whitelist_from_rcvd *@fidelity2.m0.net fidelity2.m0.net
> Fidelity Investment's Newsletters
>
>
> {^_^}
>
Didn't know there was a SARE whitelist. Here's another Fidelity E-Mail
address we whitelist:
fidelityinvestments@fulfillmentconcepts.com
Andy