sender shows up in whitelist even though they aren't

[Erickarlo Porro <ep...@earthcam.com>]

I had an email come in that passed a whitelist check even though I do not have that email address as a whitelist_from.

The From header shows: From: <Suzanne.Noble@>
Re-running the message through debug shows:
dbg: eval: all '*From' addrs: Suzanne.Noble@
dbg: rules: address suzanne.noble@ matches whitelist or blacklist regexp: ^.*\@$
dbg: rules: ran eval rule USER_IN_WHITELIST ======> got hit (1)

So it appears that because the from header had nothing after the @ sign, it was whitelisted. But I searched all of my configs and I don't have anything that looks like "noble@" or "*@" so how did this message get through? Any ideas?

I am on version 3.3.1 in case this might be a bug that was already fixed in the newer versions.

Thanks,
Eric

Re: sender shows up in whitelist even though they aren't

["Kevin A. McGrail" <KM...@PCCC.com>]

On 8/18/2015 6:13 PM, RW wrote:
> On Tue, 18 Aug 2015 21:44:31 +0000
> Erickarlo Porro wrote:
>
>> Forgot to add that my intention was not to have that space in between
>> @ and the domain. It was just a typo but lint didn't report a problem
>> before which is why I was never aware that it was typed like that.
>> That could possibly be something that shouldn't be allowed to happen
>> and should spit out an error.
> You can have multiple whitelist entries on the same line separated by
> spaces.
Good point!  OK, just a config issue then.

Re: sender shows up in whitelist even though they aren't

[RW <rw...@googlemail.com>]

On Tue, 18 Aug 2015 21:44:31 +0000
Erickarlo Porro wrote:

> Forgot to add that my intention was not to have that space in between
> @ and the domain. It was just a typo but lint didn't report a problem
> before which is why I was never aware that it was typed like that.
> That could possibly be something that shouldn't be allowed to happen
> and should spit out an error.

You can have multiple whitelist entries on the same line separated by
spaces. 

RE: sender shows up in whitelist even though they aren't

[Erickarlo Porro <ep...@earthcam.com>]

Forgot to add that my intention was not to have that space in between @ and the domain. It was just a typo but lint didn't report a problem before which is why I was never aware that it was typed like that. That could possibly be something that shouldn't be allowed to happen and should spit out an error.

From: Erickarlo Porro [mailto:eporro@earthcam.com]
Sent: Tuesday, August 18, 2015 5:25 PM
To: users@spamassassin.apache.org
Subject: RE: sender shows up in whitelist even though they aren't

I was able to figure this out. By suggestion of Kevin, I ran the debug again without my whitelist configs and there was no match to my whitelist. I then broke up my whitelist configs until it found a match. I was then able to see that I had a config as "*@ domain.com" so even though the line did not end with the @ symbol, part of the line did which is how it found was able to match it.

From: Erickarlo Porro [mailto:eporro@earthcam.com]
Sent: Friday, August 14, 2015 11:01 AM
To: users@spamassassin.apache.org<ma...@spamassassin.apache.org>
Subject: sender shows up in whitelist even though they aren't

I had an email come in that passed a whitelist check even though I do not have that email address as a whitelist_from.

The From header shows: From: <Suzanne.Noble@>
Re-running the message through debug shows:
dbg: eval: all '*From' addrs: Suzanne.Noble@
dbg: rules: address suzanne.noble@ matches whitelist or blacklist regexp: ^.*\@$
dbg: rules: ran eval rule USER_IN_WHITELIST ======> got hit (1)

So it appears that because the from header had nothing after the @ sign, it was whitelisted. But I searched all of my configs and I don't have anything that looks like "noble@" or "*@" so how did this message get through? Any ideas?

I am on version 3.3.1 in case this might be a bug that was already fixed in the newer versions.

Thanks,
Eric

RE: sender shows up in whitelist even though they aren't

[Erickarlo Porro <ep...@earthcam.com>]

I was able to figure this out. By suggestion of Kevin, I ran the debug again without my whitelist configs and there was no match to my whitelist. I then broke up my whitelist configs until it found a match. I was then able to see that I had a config as "*@ domain.com" so even though the line did not end with the @ symbol, part of the line did which is how it found was able to match it.

From: Erickarlo Porro [mailto:eporro@earthcam.com]
Sent: Friday, August 14, 2015 11:01 AM
To: users@spamassassin.apache.org
Subject: sender shows up in whitelist even though they aren't

I had an email come in that passed a whitelist check even though I do not have that email address as a whitelist_from.

The From header shows: From: <Suzanne.Noble@>
Re-running the message through debug shows:
dbg: eval: all '*From' addrs: Suzanne.Noble@
dbg: rules: address suzanne.noble@ matches whitelist or blacklist regexp: ^.*\@$
dbg: rules: ran eval rule USER_IN_WHITELIST ======> got hit (1)

So it appears that because the from header had nothing after the @ sign, it was whitelisted. But I searched all of my configs and I don't have anything that looks like "noble@" or "*@" so how did this message get through? Any ideas?

I am on version 3.3.1 in case this might be a bug that was already fixed in the newer versions.

Thanks,
Eric