SA Bugzilla – Bug 5970
perhaps remove yahoo-inc yahoo.com pair from pre-defined whitelists
Last modified: 2019-07-31 13:29:37 UTC
Created attachment 4362: spam
Odd, I was going to complain about the value of pre-defined whitelists, but when I use -d and then -t, I can't get that tag, USER_IN_DEF_WHITELIST, back on. Odd.
Oh, I bet it's how the envelope header hits spamassassin. Different from a file...
I got a spam which is very similar - it's the envelope sender that is in the default whitelist. I wrote to yahoo abuse and asked them to explain how they prevent their users from spamming with this envelope address, and.... have heard nothing back. As I understand this rule, to trigger, the mail has to have the yahoo-dev-null@yahoo-inc.com from address (body or envelope) and simultaneously have been Received: by a yahoo.com host. Obviously anyone can forge From addresses, so this only makes sense if yahoo prevents spam from this address from being emitted by all hosts in yahoo.com. Given that this address is showing up in spam, yahoo obviously is not preventing the address going out from them. I think this entry should be removed from the default whitelist.
Would you be able to provide a sample message, Greg?
We read the env sender from the Return-Path: (etc.) headers, see Mail::SpamAssassin::Conf manpage, 'envelope_sender_header' section, for details. So it should be entirely feasible to reproduce from a file.
Created attachment 4363: spample where USER_IN_DEF_WHITELIST appears
This attachment is the contents of the *Article* buffer in gnus from a spam message, exactly. One can see that USER_IN_DEF_WHITELIST appears, and running spamassassin with -D -t I get:
[8132] dbg: rules: address yahoo-dev-null@yahoo-inc.com matches (def_)whitelist_from_rcvd ^.*\@yahoo\-inc\.com$ yahoo.com
[8132] dbg: rules: ran eval rule USER_IN_DEF_WHITELIST ======> got hit (1)
Perhaps we should remove the ".*@yahoo-inc yahoo.com" pair. (As far as I can tell, there is nothing mysterious going on - the only problem appears to be that yahoo is doing inadequate envelope from filtering on user-generated mail.)
OK, my problem seems unreproducible oddly these days, so retitling this bug to the remaining problem: remove those yahoo entries from the predefined whitelist or not.
Closing old stale bug. I cleaned at least 60_whitelist.cf.
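The match discussed in the comments above, as an added example that is not part of the original bug thread and is not SpamAssassin's own code: a simplified Python model of a def_whitelist_from_rcvd pair (address glob plus relay rDNS domain) run over constructed samples. The entry form `*@yahoo-inc.com yahoo.com` is inferred from the debug output, and all hostnames are made up.

```python
import re

def glob_to_regex(glob):
    """Convert a whitelist address glob ('*' and '?') to an anchored regex."""
    parts = []
    for ch in glob:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)

def rdns_in_domain(rdns, domain):
    """True if the relay's reverse-DNS name is the domain or a host under it."""
    rdns, domain = rdns.lower().rstrip("."), domain.lower()
    return rdns == domain or rdns.endswith("." + domain)

def whitelist_hit(envelope_sender, relay_rdns, entry):
    """entry is (address_glob, relay_domain); both halves must match."""
    addr_glob, relay_domain = entry
    addr_ok = bool(glob_to_regex(addr_glob).match(envelope_sender))
    return addr_ok and rdns_in_domain(relay_rdns, relay_domain)

# Assumed form of the pair discussed in this bug, inferred from the debug output.
ENTRY = ("*@yahoo-inc.com", "yahoo.com")

# Constructed samples: (envelope sender, rDNS of the handing-off relay, label)
SAMPLES = [
    ("yahoo-dev-null@yahoo-inc.com", "mta1.mail.example.yahoo.com", "sent through provider"),
    ("yahoo-dev-null@yahoo-inc.com", "host.unrelated.example", "forged elsewhere"),
    ("yahoo-dev-null@yahoo-inc.com", "notyahoo.com", "lookalike relay"),
    ("someone@example.org", "mta1.mail.example.yahoo.com", "other sender, same relay"),
]

def evaluate(samples=SAMPLES, entry=ENTRY):
    """Return (label, whitelisted?) for each sample."""
    return [(label, whitelist_hit(s, r, entry)) for s, r, label in samples]

if __name__ == "__main__":
    for label, hit in evaluate():
        print(f"{label:28} whitelisted={hit}")
```

Only the first sample hits: the relay half of the pair shows the message left a host in the provider's domain, not which of the provider's users chose the envelope sender.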