I have been thinking on this for a while now. Since logwatch can send a mail to another server and that server DOES not mark it as spam, that presents a logic issue. Now, the other server does not have as new a spam assassin as the new, so it is hard to check it that way. So I 'replied' to the logwatch file and sent it to a known user, back to the new server. It never arrived. >From that I know a 100% spam assassin is taking it, not based on local usernames, or any sendmail settings. I had originally thought that because 'logwatch' was not a sender that would be an issue. I like the 'from ip' whitelist, but is not that spoofable too? I imagine making it both 'logwatch and from this IP' might be better. In logwatch there is a setting to say who the mail is from, right now it says 'logwatch' but I could always add some long goobledy gook as 'from' like "alkjfpolp3534j4f9logwatchsd9f9se9sdf9s99fwe" And then whitelist that, make it like 40 characters or whatever. I can understand why spamassassin cannot tell it is from a local user or have the ability to just auto whitelist stuff from a local user....but I can forsee problems with interwebsite mails and even things like mailing lists on the server without properly thinking this through. Never thought this would be an issue, but at least I know how to make it work...sorta. > -----Original Message----- > From: centos-bounces at centos.org > [mailto:centos-bounces at centos.org] On Behalf Of Scott Silva > Sent: Thursday, September 11, 2008 3:04 PM > To: centos at centos.org > Subject: [CentOS] Re: Logwatch / spamassassin > > <snip> > > > > Try adding a whitelist entry to /etc/mail/spamassassin/local.cf. To > > whitelist all mail from your domain: > > > > whitelist_from *@example.com > > > It is very easy to spoof email addresses. It is better to > whitelist from ip addresses when possible. > > > > > -- > MailScanner is like deodorant... > You hope everybody uses it, and > you notice quickly if they don't!!!! > >