I have been thinking on this for a while now. Since logwatch can send a mail to another server and that server DOES not mark it as spam, that presents a logic issue. Now, the other server does not have as new a spam assassin as the new, so it is hard to check it that way. So I 'replied' to the logwatch file and sent it to a known user, back to the new server. It never arrived.
From that I know a 100% spam assassin is taking it, not based on local
usernames, or any sendmail settings. I had originally thought that because 'logwatch' was not a sender that would be an issue.
I like the 'from ip' whitelist, but is not that spoofable too? I imagine making it both 'logwatch and from this IP' might be better.
In logwatch there is a setting to say who the mail is from, right now it says 'logwatch' but I could always add some long goobledy gook as 'from' like
"alkjfpolp3534j4f9logwatchsd9f9se9sdf9s99fwe"
And then whitelist that, make it like 40 characters or whatever.
I can understand why spamassassin cannot tell it is from a local user or have the ability to just auto whitelist stuff from a local user....but I can forsee problems with interwebsite mails and even things like mailing lists on the server without properly thinking this through.
Never thought this would be an issue, but at least I know how to make it work...sorta.
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Scott Silva Sent: Thursday, September 11, 2008 3:04 PM To: centos@centos.org Subject: [CentOS] Re: Logwatch / spamassassin
<snip> > > Try adding a whitelist entry to /etc/mail/spamassassin/local.cf. To > whitelist all mail from your domain: > > whitelist_from *@example.com > It is very easy to spoof email addresses. It is better to whitelist from ip addresses when possible.
-- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!!