From owner-freebsd-ports@FreeBSD.ORG  Thu Aug 30 10:28:43 2007
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 8730816A419
	for <freebsd-ports@freebsd.org>; Thu, 30 Aug 2007 10:28:43 +0000 (UTC)
	(envelope-from John.Marshall@riverwillow.com.au)
Received: from mail2.riverwillow.net.au (ns2.riverwillow.net.au [203.58.93.41])
	by mx1.freebsd.org (Postfix) with ESMTP id 1829713C461
	for <freebsd-ports@freebsd.org>; Thu, 30 Aug 2007 10:28:40 +0000 (UTC)
	(envelope-from John.Marshall@riverwillow.com.au)
Received: from rwmail.mby.riverwillow.net.au (rwsrv06.rw2.riverwillow.net.au
	[172.25.25.16])
	by mail2.riverwillow.net.au (8.14.1/8.14.1) with ESMTP id
	l7UACaJ3012703; Thu, 30 Aug 2007 20:12:36 +1000 (AEST)
Received: from [172.25.25.68] ([172.25.25.68] RDNS failed) by
	rwmail.mby.riverwillow.net.au with Microsoft SMTPSVC(6.0.3790.3959); 
	Thu, 30 Aug 2007 20:12:36 +1000
Message-ID: <46D6980D.8050505@riverwillow.com.au>
Date: Thu, 30 Aug 2007 20:12:29 +1000
From: John Marshall <John.Marshall@riverwillow.com.au>
Organization: Riverwillow Pty Ltd
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Stefan Lambrev <stefan.lambrev@moneybookers.com>
References: <46D67CB6.1080100@moneybookers.com>
In-Reply-To: <46D67CB6.1080100@moneybookers.com>
Content-Type: text/plain; charset=windows-1251; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 30 Aug 2007 10:12:36.0675 (UTC)
	FILETIME=[49ED4130:01C7EAEE]
Cc: "scheidell@secnap.net" <scheidell@secnap.net>,
	"freebsd-ports@freebsd.org" <freebsd-ports@freebsd.org>
Subject: Re: p5-Mail-SpamAssassin-3.2.3 - manual whitelist_from broken
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Aug 2007 10:28:43 -0000

Stefan Lambrev wrote:
> Hello,
> 
> I noticed that after upgrading spamassassin to the latest (in ports) 
> version, manual whitelist is somehow broken.
> In previous version spamassassin detects without a problem forged "From" 
> headers and even with "whitelist_from *@domain.com"
> mails that are spam got caught.
> 
> With the latest version of spamassassins the following example will not 
> be detected as spam:
> 
>  >telnet mailserver-spamprotected.com 25
>  >helo somedomain.com
>  >mail from: spoof@somedomain.com
>  >rcpt to: validuser@mailserver-spamprotected.com
>  >data
> From: validuser@mailserver-spamprotected.com
> some spam xxx.
> .
>  >quit
> 
> In this case whitelist_from *@mailserver-spamprotected.com is triggered, 
> and I'm pretty sure that wasn't a case in older versions of spamassassin.
> 
> Any ideas what is changed, and how I can restored the old behavior.
> 

As far as I know, nothing has changed. What you are seeing is expected 
behaviour.

"whitelist_from" should only be used as a last resort because it blindly 
trusts the (alleged) envelope sender address. The documentation warns 
about this:
<http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html#whitelist_and_blacklist_options>

Personally, I include the SPF plugin and use "whitelist_from_spf" 
entries wherever possible. Failing that (if sending domain doesn't 
publish SPF details) I use "whitelist_from_rcvd".

-- 
John Marshall