> romanovsky wrote:
> >OS: Debian Sarge
> >SpamAssassin: 3.0.3-2
> >Problem description:
> >user@domain sends a ham message to himself (i.e. From:==To:==user@domain).
> >Autowhiltelisting mechanism adds user@domain to the whiltelist.
> >A spammer sends spam to user@domain from forged address user@domain.
> >Spam gets through with USER_IN_WHITELIST rule.
> >The question is: how to disable autowhiltelisting in case of From:==To:?


On 13.03.08 09:18, Matt Kettler wrote:
> USER_IN_WHITELIST has nothing to do with the autowhitelist. The
> autowhitelist will show up as a rule named AWL.
>
> USER_IN_WHITELIST means the message matched a whitelist_from,
> whitelist_from_rcvd, or whitelist_from_spf statement in your configfiles.
>
> Odds are, there's a well meaning, but woefully mistaken "whitelist_from
> *@domain" in the config somewhere..


whitelisting own domain is an obvious mistake and causes many falze
negatives - spammers found out this issue long ago and are forging from
addresses to be from the same domain (or even user) as the recipient.

someone should make an FAQ entry in wiki for whitelisting...

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I feel like I'm diagonally parked in a parallel universe.