Bug 5970 - perhaps remove yahoo-inc yahoo.com pair from pre-defined whitelists
Summary: perhaps remove yahoo-inc yahoo.com pair from pre-defined whitelists
Status: RESOLVED FIXED
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: spamassassin (show other bugs)
Version: 3.2.5
Hardware: Other All
: P5 trivial
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-09-06 18:29 UTC by jidanni
Modified: 2019-07-31 13:29 UTC (History)
2 users (show)


Attachment Type Modified Status Actions Submitter/CLA Status
spam text/plain None jidanni@jidanni.org [NoCLA]
spample where USER_IN_DEF_WHITELIST appears text/plain None Greg Troxel [NoCLA]
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description jidanni 2008-09-06 18:29:15 UTC 
Created attachment 4362 [details]
spam

Odd, I was going to complain about the value of pre-defined whitelists, but when I use -d and then -t, I can't get that tag, USER_IN_DEF_WHITELIST, back on. Odd.
Comment 1 jidanni 2008-09-06 18:31:21 UTC 
Oh, I bet it's how the envelope header hits spamassassin. Different from a file...
Comment 2 Greg Troxel 2008-09-07 06:37:04 UTC 
I got a spam which is very similar - it's the envelope sender that is in the default whitelitst.  I wrote to yahoo abuse and askeed them to explain how they prevent their users from spamming with this envelope address, and.... have heard nothing back.

As I understand this rule, to trigger the mail has to have the yahoo-dev-null@yahoo-inc.com from address (body or envelope) and simultaneously have been Received: by a yahoo.com host.  Obviously anyone can forge From addresses, so this only makes sense if yahoo prevents spam from this address from being emitted by all hosts in yahoo.com.

Given that this address is showing up in spam, yahoo obviously is not preventing the address going out from them.  I think this entry should be removed from the default whitelist.
Comment 3 Daryl C. W. O'Shea 2008-09-07 11:57:35 UTC 
Would you be able to provide a sample message Greg?
Comment 4 Justin Mason 2008-09-08 02:25:48 UTC 
we read the env sender from the Return-Path: (etc.) headers, see Mail::SpamAssassin::Conf manpage, 'envelope_sender_header' section, for details.  so it should be entirely feasible to reproduce from a file.
Comment 5 Greg Troxel 2008-09-08 05:57:28 UTC 
Created attachment 4363 [details]
spample where USER_IN_DEF_WHITELIST appears

This attachment is the contents of the *Article* buffer in gnus from a spam message, exactly.   One can see that USER_IN_DEF_WHITELIST appears, and running spamassassin  with -D -t I get:
[8132] dbg: rules: address yahoo-dev-null@yahoo-inc.com matches (def_)whitelist_from_rcvd ^.*\@yahoo\-inc\.com$ yahoo.com
[8132] dbg: rules: ran eval rule USER_IN_DEF_WHITELIST ======> got hit (1)

Perhaps we should remove the ".*@yahoo-inc yahoo.com" pair.

(As far as I can tell, there is nothing mysterious going on - the only problem appears to be that yahoo is doing inadequate evelope from filtering on user-generated mail.)
Comment 6 jidanni 2008-09-09 19:07:55 UTC 
OK, my problem seems unreproducable oddly these days, so retitling this bug to the remaining problem: remove those yahoo entries from the predefined whitelist or not.
Comment 7 Henrik Krohns 2019-07-31 13:29:37 UTC 
Closing old stale bug. I cleaned atleast 60_whitelist.cf.