romanovsky wrote:
> OS: Debian Sarge
> SpamAssassin: 3.0.3-2
> Problem description:
> user@domain sends a ham message to himself (i.e. From:==To:==user@domain).
> Autowhiltelisting mechanism adds user@domain to the whiltelist.
> A spammer sends spam to user@domain from forged address user@domain.
> Spam gets through with USER_IN_WHITELIST rule.
> The question is: how to disable autowhiltelisting in case of From:==To:?

USER_IN_WHITELIST has nothing to do with the autowhitelist. The
autowhitelist will show up as a rule named AWL.

USER_IN_WHITELIST means the message matched a whitelist_from,
whitelist_from_rcvd, or whitelist_from_spf statement in your configfiles.

Odds are, there's a well meaning, but woefully mistaken "whitelist_from
*@domain" in the config somewhere..

> Thanks for your help.