Nelson Serafica wrote:
> I'm using spamassassin 3.2.5. Now, I must a
> whitelist_from containing *@foo.com in my local.cf
> .
>
> However, there are still 1 email that has been tagged as spam. In my
> understanding, if a domain was in whitelist_from, even if it was
> tagged as spam, it will delivered to the recipient.

First, be aware that SpamAssassin itself does not directly cause
messages to be deleted, rejected, or otherwise alter delivery.
SpamAssassin itself *ONLY* tags. The way it inserts itself into the mail
chain is very flexible, but gives SA no direct power over message
delivery, so tagging is the only thing it can possibly do. If it were to
try to delete the message, most mail tools would assume SA had crashed
and recover the original, unscanned message and deliver that.

Therefore, there is nothing in the SpamAssassin configuration that can
cause a message to be delivered "even if it is tagged as spam". SA can
only tag, or not tag. whitelist_from causes messages to be hit with a
-100 point rule named USER_IN_WHITELIST. This large negative score makes
it more-or-less impossible for the message to be tagged as spam. Pretty
much the only way to get SA to tag it when matching a whitelist would be
to put a GTUBE test signature into the message.

Your previously posted example was working perfectly, in that the
whitelist configuration caused SA to match USER_IN_WHITELIST, which
generated a hugely negative score, and therefore was not tagged as spam.
That's exactly what it should do.

If you've got something else that deletes mail when SA tags messages,
then that is the tool you'd need to configure if you want the message to
get tagged as spam, but still be delivered. Reconfiguring SA can't
change this, because SA doesn't (and in fact can't) delete the messages.

> I restart the spamd after I edit local.cf so it must
> take effect.
>
> Is this the right way to whitelist? As I check, when using 3.2.5, this
> is the right way of whitelisting a domain.

whitelist_from is never the "right" way to do anything. It is horribly
easy to forge. Use whitelist_from_rcvd, or preferably, whitelist in your
tools that call SA, bypassing it entirely and saving CPU time.