Whitelist Problem - Still!

Wed Aug 14 17:56:24 IST 2002

> At 10:57 13/08/2002, you wrote:
>>On Mon, 12 Aug 2002 18:31:37 PST, you wrote:
>>
>> >Return-Path: <owner-mailscanner at JISCMAIL.AC.UK>
>>
>>This is taken from the enveloppe sender (mail from:).
>
> Not always present. In sendmail you need a flag in the definition of the
"local" mailer to do this.
>
>> >Received: from smtp.jiscmail.ac.uk (smtp.jiscmail.ac.uk
>> [130.246.192.48])
>> >          by netlx010.civ.utwente.nl (8.11.4/HKD) with ESMTP id
>> g7D3s7E10837 for <P.G.M.Peters at CIV.UTWENTE.NL>; Tue, 13 Aug
>> 2002 05:54:07 +0200
>>
>>This address was present in the enveloppe header as the recipient (rcpt
>> to:)
>
> You have to ensure you use the last one of these (i.e. the first in the
headers) as it gets changed by ".forward" files and mailing list
exploders.
>
>> >From: Nathan Johanson <nathan at tcpnetworks.net>
>>
>>This is the From: header in the message.
>>
>> >To: MAILSCANNER at JISCMAIL.AC.UK
>>
>>And this is the To: header in the message.
>>
>> >X-UTwente-MailScanner: Found to be clean
>> >X-UTwente-MailScanner-SpamCheck: RFC-IGNORANT-WHOIS
>> >
>> >Is it possible for someone to illustrate the difference between the
>> "envelope sender address" versus the "From" header?
>> >
>> >Maybe grab a full email header, paste it into a reply to the list,
>> and point out which is which? This seems like a recurring question and
now I'm even beginning to question my own understanding of it. it might
even be a good item for the FAQ. If I was convinced I
>> understood it, I would write it myself :)
>>
>>I included the relevant headers from your mail message. :-)
>>
>>And the correspondenting log-lines (removed irrelevant information):
>> |g7D3s7E10837: from=<owner-mailscanner at JISCMAIL.AC.UK>,
>>|g7D3s7E10837: to=<P.G.M.Peters at CIV.UTWENTE.NL>, delay=00:00:00,
>
> --
> Julian Field                Teaching Systems Manager
> jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science Tel.
023 8059 2817          University of Southampton
>                              Southampton SO17 1BJ

I'm still having problems getting the spam.whitelist.conf file to work.  I
must be doing something really obviously wrong but I can't see it.

Here's what I have in spam.whitelist.conf

# The following examples show what can be done here:
#From: jkf at ecs.soton.ac.uk
#From: JulianField.net
#From: *.ecs.soton.ac.uk
#To:   spam@*
#To:   abuse at your.domain.com
From: lyris.gamespy.com

and here's a couple of lines for my miallog...

Aug 12 08:54:33 tiger sendmail[22724]: g7CCsWZ22724:
from=<bounce-portal-daily-html-7473066 at lyris.gamespy.com>, size=35280,
class=0,nrcpts=1,
msgid=<LISTMANAGER-7473066-5970396-2002.08.12-00.12.19--gerry#dorfam.ca at lyris.gamespy.com>,
proto=SMTP, daemon=MTA, relay=lyris.gamespy.com [207.38.1.8]

Aug 12 08:54:49 tiger mailscanner[22583]: Scanning 1 messages, 35746 bytes

Aug 12 08:54:53 tiger mailscanner[22583]: Message g7CCsWZ22724 from
207.38.1.8 (lyris.gamespy.com) is spam according to SpamAssassin
(score=24.2, required 7, MSGID_CHARS_SPAM, PLING, DOUBLE_CAPSWORD,
CLICK_BELOW, HTTP_WITH_EMAIL_IN_URL, UNSUB_PAGE, SUPERLONG_LINE,
HTML_WITH_BGCOLOR, BIG_FONT, MAILTO_LINK, TRACKER_ID, RELAYING_FRAME,
JAVASCRIPT, CLICK_HERE_LINK, MIME_EXCESSIVE_QP, FROM_AND_TO_SAME,
CTYPE_JUST_HTML, AWL)

Why was this message still marked as spam?  Shouldn't it have been
whitelisted and passed through without checking?

Gerry