'whitelist_from_rcvd' has stopped working. help!

In 2.60, we tightened up a possible hole that could have been exploited by spammers. Now, 'whitelist_from_rcvd' will only use data from headers inserted by relays that are 'trusted'.

For some users and some networks, this may result in whitelists not being used any more, if SpamAssassin cannot automatically infer the correct trusted relays for your network. In this case, you need to use the 'trusted_networks' configuration setting.

For example, if your organization uses your ISP's MX, and picks up the mail from there, you will need to specify that host as 'trusted'; SpamAssassin will probably not be able to infer that automatically.

Documentation on 'trusted_networks' can be found here:

http://spamassassin.apache.org/doc/Mail_SpamAssassin_Conf.html

Please note that "trust" in this case does not refer to whether the machine in question is trusted not to relay spam; it just refers to whether the machine is trusted not to forge headers or lie about a mail's originating IP address.

You can determine if a host is trusted by running a message which came via that host through "spamassassin -D", e.g.:

  [copy message to "tstmsg"]
  spamassassin -D -L -t < tstmsg > out 2>&1
  grep trust out
  debug: received-header: relay 62.245.239.18 trusted? no
  debug: received-header: relay 217.228.247.64 trusted? no

In this case, both of the relays it came through are untrusted. If I wanted to trust 62.245.239.18, I would add this line to /etc/mail/spamassassin/local.cf :

    trusted_networks 62.245.239.18

WhitelistFromRcvdAndTrust (last edited 2009-09-20 23:17:04 by localhost)