Curious about USER_IN_WHITELIST
Matt Kettler
mkettler at EVI-INC.COM
Thu Jan 20 20:38:00 GMT 2005
At 03:09 PM 1/20/2005, Diane Rolland wrote:
>I have SA 2.55 (as pre-installed on my RedHat Enterprise 3). I'll probably
>need to update that sometime....
Ouch.. Ok, 2.55 still used whitelist_from_rcvd in the default rules.
If I recall correctly, it's also vulnerable to Received: path spoofing, so
whitelist_from_rcvd doesn't work properly in the 2.5x series. It didn't
work correctly until 2.6x added trusted_networks.
Since all whitelist statements are inherently broken in 2.5x, you'll
probably want to outright remove /usr/share/spamassassin/60_whitelist.cf
until you have a chance to upgrade.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list