You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Scott Kopel <ko...@english.fsu.edu> on 2006/12/01 00:02:39 UTC
whitelisted where?
I'm noticing a bunch of obviously spam that is getting thru because
it is "whitelisted"
where is this whitelist? it's not something I created.
it's not the auto_whitelist is it? wouldn't that say AWL
is it the phishing whitelist? when I start MailScanner I see "Read
755 hostnames from the phishing whitelist"
thanks for any help
s
Return-Path: <iy...@fix.net>
Received: from 4C2B80B8 (computername.voip.canet.ne.jp
[202.58.145.231] (may be forged))
by englishmail.fsu.edu (8.13.3/8.12.9) with SMTP id kAUJvfwn002997;
Thu, 30 Nov 2006 14:57:48 -0500
Received: from cyberc79 (unverified [202.58.145.231])
by btcc.org (SurgeMail 3.1c) with ESMTP id 97935670
for <jo...@english.fsu.edu>; Thu, 30 Nov 2006 11:57:22 -0800
Date: Thu, 30 Nov 2006 11:57:22 -0800
From: "YING FRAZIER" <iy...@fix.net>
MIME-Version: 1.0
To: jorourke@english.fsu.edu
Cc: jkimbrell@english.fsu.edu, ledwards@english.fsu.edu,
lwideman@english.fsu.edu, jmcgregory@english.fsu.edu,
jemcs@english.fsu.edu, kpadgett@english.fsu.edu,
kpicart@english.fsu.edu
Subject: re:You can't go wrong ...
Message-Id: <27...@PYVR>
X-Authentication-Warning: localhost.localdomain: apache set sender to
iyaye@fix.net using -f
X-Accept-Language: en-us, en
Content-Type: multipart/related;
boundary="------------MultiSham466971670361690949053174"
X-English-FSU-MailScanner: Found to be clean
X-English-FSU-MailScanner-SpamCheck: not spam (whitelisted),
SpamAssassin (score=41.052, required 4, autolearn=spam,
BAYES_60 1.00, HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.00,
RCVD_IN_BL_SPAMCOP_NET 7.00, RCVD_IN_DSBL 2.60,
RCVD_IN_SORBS_WEB 1.46, RCVD_IN_XBL 3.90, URIBL_AB_SURBL 3.81,
URIBL_BLACK 3.00, URIBL_JP_SURBL 7.00, URIBL_OB_SURBL 3.01,
URIBL_SBL 1.64, URIBL_SC_SURBL 4.50, URIBL_WS_SURBL 2.14)
X-English-FSU-MailScanner-Envelope-From: iyaye@fix.net
Scott Kopel
English Department - FSU
850 644 6177
Re: whitelisted where?
Posted by Craig Morrison <cr...@2cah.com>.
Scott Kopel wrote:
> I'm noticing a bunch of obviously spam that is getting thru because it
> is "whitelisted"
> where is this whitelist? it's not something I created.
> it's not the auto_whitelist is it? wouldn't that say AWL
> is it the phishing whitelist? when I start MailScanner I see "Read 755
> hostnames from the phishing whitelist"
> thanks for any help
[snippage]
> X-English-FSU-MailScanner-SpamCheck: not spam (whitelisted),
I think you answered your own question here..
'not spam (whitelisted)' is not something SA adds.
Might wanna tug the chain for the MailScanner folks.
--
Craig
Re: whitelisted where?
Posted by Matt Kettler <mk...@verizon.net>.
Scott Kopel wrote:
> I'm noticing a bunch of obviously spam that is getting thru because it
> is "whitelisted"
> where is this whitelist? it's not something I created.
> it's not the auto_whitelist is it? wouldn't that say AWL
Yes, that would say AWL. And SA's whitelist_from* would sa
USER_IN_WHITELIST.
> is it the phishing whitelist? when I start MailScanner I see "Read 755
> hostnames from the phishing whitelist"
No, that merely exempts certian sites from the phishing net that tries
to detect phishing attempts like:
<a href= foo.com>signin.ebay.com</a>
> thanks for any help
This message was whitelisted at the Mailscanner by the file pointed to
by your "Is Definitely Not Spam" setting in your MailScanner.conf.
Words of advice: My guess is that you whitelisted all mail to one or
more recipients, and that this message was actually sent to several
people at once, including one whitelisted user. Since there's only one
message to act on, MailScanner honored the recipient whitelist. There's
a whole lot of people in the Cc: line.. are any of them listed in your
whitelist for "To"?
It's also possible there were more recipients that were Bcc'ed in
(typical for spam). To find these, try grepping your maillog for the
SMTP id:
grep kAUJvfwn002997 /var/log/maillog
Re: whitelisted where?
Posted by Craig Morrison <cr...@2cah.com>.
Scott Kopel wrote:
> I'm noticing a bunch of obviously spam that is getting thru because it
> is "whitelisted"
> where is this whitelist? it's not something I created.
> it's not the auto_whitelist is it? wouldn't that say AWL
> is it the phishing whitelist? when I start MailScanner I see "Read 755
> hostnames from the phishing whitelist"
As a follow-up: http://wiki.mailscanner.info/doku.php?id=maq:index
#
For whitelist: edit the spam.whitelist.rules from the rules directory
following the format shown in the file.
#
--
Craig