Strange whitelist issue

John Wilcock john at TRADOC.FR
Thu Nov 20 09:33:35 GMT 2003

On Thu, 20 Nov 2003 20:22:19 +1100, Pete russell wrote:
> I have a spam that is getting through to many users with a -19 score,
> the reports says it is
> -15.00
> From: address is in the default white-list
> My whitelist contains only this entries
> From:        yes             #to allow release from
> quarantine with mailwatch
> FromOrTo:       default         no
> Headers for the messages are this
> Received: from (
> [])
> by (Postfix) with SMTP id E231933D20

That report means that paypal is in *SpamAssassin*'s default
whitelist, not MailScanner's whitelist. The entries in
/usr/share/spamassassin/ check that the domain matches
a received line, but a few spammers seem to have picked up on the fact
that a forged received line and a matching forged from address can get
them past SA.


-- Over 2000 webcams from ski resorts around the world -
-- Translate your technical documents and web pages    -

More information about the MailScanner mailing list