Strange whitelist issue
John Wilcock
john at TRADOC.FR
Thu Nov 20 09:33:35 GMT 2003
On Thu, 20 Nov 2003 20:22:19 +1100, Pete russell wrote:
> I have a spam that is getting through to many users with a -19 score,
> the reports says it is
>
> -15.00
> USER_IN_DEF_WHITELIST
> From: address is in the default white-list
>
>
> My whitelist contains only this entries
>
> From: 127.0.0.1 yes #to allow release from
> quarantine with mailwatch
> FromOrTo: default no
>
> Headers for the messages are this
>
> Received: from irpta50.nix.paypal.com (irpta50.nix.paypal.com
> [64.4.240.76])
> by mail01.mydoimain.com.au (Postfix) with SMTP id E231933D20
That report means that paypal is in *SpamAssassin*'s default
whitelist, not MailScanner's whitelist. The entries in
/usr/share/spamassassin/60_whitelist.cf check that the domain matches
a received line, but a few spammers seem to have picked up on the fact
that a forged received line and a matching forged from address can get
them past SA.
John.
--
-- Over 2000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr
More information about the MailScanner
mailing list