Posted to users@spamassassin.apache.org by Chris <cp...@earthlink.net> on 2006/10/11 04:03:08 UTC
whitelist'd address but tagged spam
As I was manually going through my spamfolder this evening I ran across a
message from my son that was tagged as spam. I have a manual whitelist .cf
file in /etc/mail/spamassassin and he is in the whitelist:
whitelist_from Brian Pollock <bl...@yahoo.com>
The from message header shows I've entered the right address:
From: Brian Pollock <bl...@yahoo.com>
I don't even see where a whitelist entry was checked:
0.0 DK_POLICY_SIGNSOME Domain Keys: policy says domain signs some mails
0.0 DK_POLICY_TESTING Domain Keys: policy says domain is testing DK
0.0 DK_SIGNED Domain Keys: message has an unverified signature
-0.0 DK_VERIFIED Domain Keys: signature passes verification
1.5 BE_BOSS BODY: Be your own boss
0.0 HTML_MESSAGE BODY: HTML included in message
1.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.5000]
1.4 HTML_10_20 BODY: Message is 10% to 20% HTML
0.2 DNS_FROM_RFC_ABUSE RBL: Envelope sender in abuse.rfc-ignorant.org
1.4 DNS_FROM_RFC_WHOIS RBL: Envelope sender in whois.rfc-ignorant.org
1.7 DNS_FROM_RFC_POST RBL: Envelope sender in
postmaster.rfc-ignorant.org
1.0 SAGREY Adds 1.0 to spam from first-time senders
Another non-spam message I've received that I have the from address in my
whitelist was tagged correctly:
whitelist_from harley-request@the-hed.net
From: harley-request@the-hed.net
X-Spam-Status: No, score=-102.7 required=5.0 tests=AWL,BAYES_00,
DATE_IN_PAST_96_XX,DCC_CHECK,NO_REAL_NAME,USER_IN_WHITELIST
autolearn=disabled version=3.1.5
BTW, this was from a message of 5 Oct, I've upgraded to 3.1.7 tonight.
Was it not checked because of the syntax of the whitelist_from?
whitelist_from Brian Pollock <bl...@yahoo.com>
vs
whitelist_from harley-request@the-hed.net
For him I have his name as well as his email address < >
Or am I screwed up here?
--
Chris
Re: whitelist'd address but tagged spam
Posted by Theo Van Dinter <fe...@apache.org>.
On Tue, Oct 10, 2006 at 09:03:08PM -0500, Chris wrote:
> whitelist_from Brian Pollock <bl...@yahoo.com>
whitelist_from (which you generally should avoid using) takes email addresses.
SA won't parse the above line to get the email address out.
> The from message header shows I've entered the right address:
> From: Brian Pollock <bl...@yahoo.com>
You'd want "whitelist_from blackwell_125@yahoo.com". As has been noted
numerous times, whitelist_from is easily forged, which is why it's generally
not recommended to use.
> Was it not checked because of the syntax of the whitelist_from?
>
> whitelist_from Brian Pollock <bl...@yahoo.com>
> vs
> whitelist_from harley-request@the-hed.net
Yes. :)
--
Randomly Selected Tagline:
"If you're choking someone, and you remove your hand, you're going to get
punched in the face." - Hal Stern
Re: whitelist'd address but tagged spam
Posted by Matt Kettler <mk...@verizon.net>.
Chris wrote:
> On Tuesday 10 October 2006 9:46 pm, Matt Kettler wrote:
>
>> Yes, whitelist_from_rcvd is a significantly better command to use. It
>> takes two parameters, the email address, and part of a RDNS lookup of a
>> host that delivered the mail.
>>
>> ie:
>> whitelist_from_rcvd mkettler_sa@evi-inc.com xan.evi-inc.com
>> or
>> whitelist_from_rcvd mkettler_sa@evi-inc.com evi-inc.com
>>
>
> Thanks Matt, so in my case it would be:
>
> whitelist_from_rcvd blackwell_125@yahoo.com yahoo.com
>
>
That depends. What's in the Received: header? Probably yahoo.com, but
check to make sure.
And if it fails to work properly, even if the Received: headers look
right, check out:
http://wiki.apache.org/spamassassin/TrustPath
Re: whitelist'd address but tagged spam
Posted by Chris <cp...@earthlink.net>.
On Tuesday 10 October 2006 9:46 pm, Matt Kettler wrote:
> Chris wrote:
> > On Tuesday 10 October 2006 9:15 pm, Matt Kettler wrote:
> >> Chris wrote:
> >>> Was it not checked because of the syntax of the whitelist_from?
> >>
> >> Yes, it's invalid to put anything but an email address after
> >> whitelist_from. The "Brian Pollock" part is unacceptable.
> >>
> >>> whitelist_from Brian Pollock <bl...@yahoo.com>
> >>> vs
> >>> whitelist_from harley-request@the-hed.net
> >>>
> >>> For him I have his name as well as his email address < >
> >>>
> >>> Or am I screwed up here?
> >
> > Thanks Theo and Matt, I see my error now. Theo, is whitelist_from_rcvd
> > then the correct syntax to use?
>
> Yes, whitelist_from_rcvd is a significantly better command to use. It
> takes two parameters, the email address, and part of a RDNS lookup of a
> host that delivered the mail.
>
> ie:
> whitelist_from_rcvd mkettler_sa@evi-inc.com xan.evi-inc.com
> or
> whitelist_from_rcvd mkettler_sa@evi-inc.com evi-inc.com
Thanks Matt, so in my case it would be:
whitelist_from_rcvd blackwell_125@yahoo.com yahoo.com
--
Chris
Re: whitelist'd address but tagged spam
Posted by Matt Kettler <mk...@verizon.net>.
Chris wrote:
> On Tuesday 10 October 2006 9:15 pm, Matt Kettler wrote:
>
>> Chris wrote:
>>
>>> Was it not checked because of the syntax of the whitelist_from?
>>>
>> Yes, it's invalid to put anything but an email address after
>> whitelist_from. The "Brian Pollock" part is unacceptable.
>>
>>
>>> whitelist_from Brian Pollock <bl...@yahoo.com>
>>> vs
>>> whitelist_from harley-request@the-hed.net
>>>
>>> For him I have his name as well as his email address < >
>>>
>>> Or am I screwed up here?
>>>
>
> Thanks Theo and Matt, I see my error now. Theo, is whitelist_from_rcvd then
> the correct syntax to use?
Yes, whitelist_from_rcvd is a significantly better command to use. It
takes two parameters, the email address, and part of a RDNS lookup of a
host that delivered the mail.
ie:
whitelist_from_rcvd mkettler_sa@evi-inc.com xan.evi-inc.com
or
whitelist_from_rcvd mkettler_sa@evi-inc.com evi-inc.com
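The two rules stated in the replies (whitelist_from takes only bare addresses; whitelist_from_rcvd takes an address plus part of the relay's rDNS) can be checked mechanically against a .cf file. The lint below is an added example, not part of the thread and not SpamAssassin code; the function name lint_whitelist, the address pattern and the sample config are assumptions constructed for illustration.

```python
import re

# Assumption: approximates an acceptable address token as a bare
# user@domain, with * and ? allowed as glob wildcards. Display names
# and <angle brackets> are rejected, as the replies describe.
ADDR_GLOB = re.compile(r'^[^\s<>@"]+@[A-Za-z0-9.*?-]+$')

# Constructed sample config (addresses are placeholders, not from the thread).
SAMPLE_CF = """\
# local whitelist (constructed sample)
whitelist_from Family Member <relative@example.com>
whitelist_from list-request@example.net
whitelist_from_rcvd friend@example.org example.org
whitelist_from_rcvd friend@example.org
"""


def lint_whitelist(cf_text):
    """Return (line number, severity, message) for each whitelist problem."""
    findings = []
    for lineno, raw in enumerate(cf_text.splitlines(), 1):
        # Simplification: treat everything after '#' as a comment.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        directive, *args = line.split()
        if directive == "whitelist_from":
            bad = [a for a in args if not ADDR_GLOB.match(a)]
            if bad or not args:
                # Tokens like a name or <addr> never equal the From: address.
                findings.append((lineno, "error",
                                 "not a bare address: " + " ".join(bad)))
            else:
                # Valid syntax, but it trusts the From: header alone.
                findings.append((lineno, "warn",
                                 "From: is easily forged; "
                                 "prefer whitelist_from_rcvd"))
        elif directive == "whitelist_from_rcvd":
            if len(args) != 2 or not ADDR_GLOB.match(args[0]):
                findings.append((lineno, "error",
                                 "expects: <address> <part of relay rDNS>"))
    return findings


if __name__ == "__main__":
    for lineno, severity, message in lint_whitelist(SAMPLE_CF):
        print(f"line {lineno}: {severity}: {message}")
```
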
Re: whitelist'd address but tagged spam
Posted by Chris <cp...@earthlink.net>.
On Tuesday 10 October 2006 9:15 pm, Matt Kettler wrote:
> Chris wrote:
> > Was it not checked because of the syntax of the whitelist_from?
>
> Yes, it's invalid to put anything but an email address after
> whitelist_from. The "Brian Pollock" part is unacceptable.
>
> > whitelist_from Brian Pollock <bl...@yahoo.com>
> > vs
> > whitelist_from harley-request@the-hed.net
> >
> > For him I have his name as well as his email address < >
> >
> > Or am I screwed up here?
Thanks Theo and Matt, I see my error now. Theo, is whitelist_from_rcvd then
the correct syntax to use?
Thanks
Chris
--
Chris
Re: whitelist'd address but tagged spam
Posted by Matt Kettler <mk...@verizon.net>.
Chris wrote:
>
> Was it not checked because of the syntax of the whitelist_from?
>
Yes, it's invalid to put anything but an email address after
whitelist_from. The "Brian Pollock" part is unacceptable.
> whitelist_from Brian Pollock <bl...@yahoo.com>
> vs
> whitelist_from harley-request@the-hed.net
>
> For him I have his name as well as his email address < >
>
> Or am I screwed up here?
>
>
>