User_in_whitelist

[Heuveltje]

Hello,

i am receiving image spam. As i look in het headers i see a thing that frustrates me.

X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on my-domain.tld
X-Spam-Level:
X-Spam-Status: No, score=-92.6 required=4.0 tests=EXTRA_MPART_TYPE,
HTML_IMAGE_ONLY_08,HTML_MESSAGE,MIME_HTML_MOSTLY,MPART_ALT_DIFF,
RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_DUL,UNPARSEABLE_RELAY,
USER_IN_WHITELIST autolearn=no version=3.1.7

I know that if user is in whitelist the score will be set to -100, but the strange thing is, the adres i'm receiving this mail from is absolutely NOT in my whitelist. Does anyone know how this can happen?

 

[nobaloney]

Which whitelist are you looking in?

Jeff

 

[Heuveltje]

The whitelist of my domain, in directadmin.

Where can i find "other" white-lists?

 

[nobaloney]

There's the SA system-wide whitelist (I don't know where it is) and the SpamBlocker whitelists at /etc/virtual/whitelist*.

Jeff

 

[Heuveltje]

All whitelist_* files in /etc/virtual are 0 bytes and thus empty.

Any ideas? Are they able to forge spam headers?

 

[xemaps]

this SA whitelist is in DA panel, user level, spamassassin setup,
locate whithelist you will find mail address and you can change or erase

you can change in etc/mail/spamassassin the value in local.cf

score USER_IN_WHITELIST 0

to be disabled

Please never use whithelist neither in SA, neither other application, this is unsecure & unsure.

 

[nobaloney]

All whitelist_* files in /etc/virtual are 0 bytes and thus empty.

The whitelist_* files in /etc/virtual are for your use, along with SpamBlocker, for domains listed in /etc/virtual/use_rbl_domains. You populate them yourself.

Any ideas? Are they able to forge spam headers?

Are who or what able to forge spam headers?

Jeff

 

[nobaloney]

this SA whitelist is in DA panel, user level, spamassassin setup,
locate whithelist you will find mail address and you can change or erase

you can change in etc/mail/spamassassin the value in local.cf

score USER_IN_WHITELIST 0

to be disabled
[/quote[
The above has nothing to do with the question about the whitelists in /etc/virtual/whitelist_*.

Please never use whithelist neither in SA, neither other application, this is unsecure & unsure.

The above is your opinion, and may of course work for you. We find whitelists extremely valuable. Using whitelists we make sure our clients get the email they need and want while we still block tens of thousands of spam emails daily.

Jeff

 

[xemaps]

Hey Jeff !

Do you mean :
i'm a spammer, i'm on the whitelist...
or
I'm on the whitelist, i can spam...

Clients have to revise spam position, isn't it ?

So a fakemail goes through 100%...

I suggest to not use whitelist and move right mail to inbox
In fact if you know how to use SA AWL, whitelist is useless.

 

[nobaloney]

I have no idea what you mean.

Jeff

 

[xemaps]

i mean whitelist is evil and shouldn't be used

 

[nobaloney]

That's your opinion. Let's leave it at that.

Jeff