From: Matt Kettler
Date: Wed, 29 Oct 2008 08:24:25 -0400

Benny Pedersen wrote:
> On Wed, October 29, 2008 10:18, Nelson Serafica wrote:
>
>
>> Is this the right way to whitelist? As I check, when using 3.2.5, this is
>> the right way of whitelisting a domain.
>>

>
> the more i hear about whitelist_from the more i want to make a bug on it,
> whitelist_from should imho newer have being implemented
>

Agreed. whitelist_from sucks. However, it's there as a method of
last-resort. There are some messages you can't whitelist in SA using any
other method. (ie: when the sender's server doesn't have reverse DNS).

Since whitelist_from is spoofable wouldn't it make sense to have
different scores assigned to whitelist_from and whitelist_from_rcvd?
Right now if an email is in either you get a hit on USER_IN_WHITELIST,
which is scored at a -100 by default. So split out
USER_IN_RCVD_WHITELIST hits from USER_IN_WHITELIST.

-jeff