Bug 5970

Summary: perhaps remove yahoo-inc yahoo.com pair from pre-defined whitelists
Product: Spamassassin
Reporter: jidanni
Component: spamassassin
Assignee: SpamAssassin Developer Mailing List <dev>
Status: RESOLVED FIXED
Severity: trivial
CC: apache, gdt
Priority: P5
Version: 3.2.5
Target Milestone: Undefined
Hardware: Other
OS: All
Whiteboard:
Attachments: spam
spample where USER_IN_DEF_WHITELIST appears

Description jidanni 2008-09-06 18:29:15 UTC
Created attachment 4362 [details]
spam

Odd, I was going to complain about the value of pre-defined whitelists, but when I use -d and then -t, I can't get that tag, USER_IN_DEF_WHITELIST, back on. Odd.
Comment 1 jidanni 2008-09-06 18:31:21 UTC
Oh, I bet it's how the envelope header hits spamassassin. Different from a file...
Comment 2 Greg Troxel 2008-09-07 06:37:04 UTC
I got a spam which is very similar - it's the envelope sender that is in the default whitelist.  I wrote to yahoo abuse and asked them to explain how they prevent their users from spamming with this envelope address, and.... have heard nothing back.

As I understand this rule, to trigger the mail has to have the yahoo-dev-null@yahoo-inc.com from address (body or envelope) and simultaneously have been Received: by a yahoo.com host.  Obviously anyone can forge From addresses, so this only makes sense if yahoo prevents spam from this address from being emitted by all hosts in yahoo.com.

Given that this address is showing up in spam, yahoo obviously is not preventing the address going out from them.  I think this entry should be removed from the default whitelist.
Comment 3 Daryl C. W. O'Shea 2008-09-07 11:57:35 UTC
Would you be able to provide a sample message Greg?
Comment 4 Justin Mason 2008-09-08 02:25:48 UTC
we read the env sender from the Return-Path: (etc.) headers, see Mail::SpamAssassin::Conf manpage, 'envelope_sender_header' section, for details.  so it should be entirely feasible to reproduce from a file.
Comment 5 Greg Troxel 2008-09-08 05:57:28 UTC
Created attachment 4363 [details]
spample where USER_IN_DEF_WHITELIST appears

This attachment is the contents of the *Article* buffer in gnus from a spam message, exactly. One can see that USER_IN_DEF_WHITELIST appears, and running spamassassin with -D -t I get:
[8132] dbg: rules: address yahoo-dev-null@yahoo-inc.com matches (def_)whitelist_from_rcvd ^.*\@yahoo\-inc\.com$ yahoo.com
[8132] dbg: rules: ran eval rule USER_IN_DEF_WHITELIST ======> got hit (1)

Perhaps we should remove the ".*@yahoo-inc yahoo.com" pair.

(As far as I can tell, there is nothing mysterious going on - the only problem appears to be that yahoo is doing inadequate envelope from filtering on user-generated mail.)
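
A simplified model of the two-part check described in comment 2 and logged in comment 5, added here as an illustration; it is not SpamAssassin's code and not part of the bug report. The function names and relay hostnames are constructed, and the glob `*@yahoo-inc.com` is inferred from the regex in the debug output.

```python
import re

def glob_to_regex(glob):
    """Turn an address glob ('*' and '?' wildcards) into an anchored regex."""
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in glob)
    return re.compile("^" + body + "$", re.IGNORECASE)

def rdns_in_domain(rdns, domain):
    """True if the relay's reverse-DNS name is the domain or a host under it."""
    rdns, domain = rdns.lower().rstrip("."), domain.lower()
    return rdns == domain or rdns.endswith("." + domain)

def whitelist_from_rcvd_hit(sender, relay_rdns, entries):
    """Return the first (glob, domain) pair matching both conditions, else None.

    Simplified: one sender address and the one relay that handed the mail over.
    """
    for glob, domain in entries:
        if glob_to_regex(glob).match(sender) and rdns_in_domain(relay_rdns, domain):
            return (glob, domain)
    return None

# Pair from the -D output; the glob form is inferred from the logged regex.
ENTRIES = [("*@yahoo-inc.com", "yahoo.com")]

# Constructed cases: (label, envelope sender, rDNS of the delivering relay).
CASES = [
    ("listed sender via a yahoo.com relay", "yahoo-dev-null@yahoo-inc.com", "relay1.mail.yahoo.com"),
    ("listed sender via another relay", "yahoo-dev-null@yahoo-inc.com", "host.example.net"),
    ("listed sender via lookalike domain", "yahoo-dev-null@yahoo-inc.com", "mail.notyahoo.com"),
    ("unlisted sender via a yahoo.com relay", "someone@yahoo.com", "relay1.mail.yahoo.com"),
]

def evaluate(cases=CASES, entries=ENTRIES):
    """Return [(label, hit)] for each constructed case."""
    return [(label, whitelist_from_rcvd_hit(s, r, entries) is not None)
            for label, s, r in cases]

if __name__ == "__main__":
    for label, hit in evaluate():
        print(f"{'HIT ' if hit else 'miss'}  {label}")
```

Only the first case hits. The relay condition confirms that a yahoo.com host delivered the message, not who within Yahoo sent it, so the entry is sound only if Yahoo restricts use of that envelope address, which is the point raised in comment 2.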
Comment 6 jidanni 2008-09-09 19:07:55 UTC
OK, my problem seems unreproducible oddly these days, so retitling this bug to the remaining problem: remove those yahoo entries from the predefined whitelist or not.
Comment 7 Henrik Krohns 2019-07-31 13:29:37 UTC
Closing old stale bug. I cleaned at least 60_whitelist.cf.