Why aren't my whitelists/blacklists working properly?
If you're noticing that mail that should be whitelisted or blacklisted is not receiving the special treatment you think it deserves, you may be misunderstanding how Maia's whitelists and blacklists work.
You may be confused over the difference between the "envelope" sender and the "From:" sender. To understand the difference, take a look at this example of an SMTP transaction:
220 davinci.renaissoft.com ESMTP Postfix HELO my.bogus.host 250 davinci.renaissoft.com MAIL FROM: <larry@example.com> 250 Ok RCPT TO: <curly@example.com> 250 Ok DATA 354 End data with <CR><LF>.<CR><LF> Subject: Do you like this spoofed mail? To: You! From: George W. Bush <president@whitehouse.gov> I can write anything I want during the DATA stage, including the contents of the headers! . 250 Ok: queued as EFE295E00D8 QUIT 221 Bye
Notice that the sender identifies himself to the mail server as "MAIL FROM: <larry@…>", but in the e-mail itself he calls himself "From: George W. Bush <president@…>". The address in the "MAIL FROM:" is known as the "envelope" sender, and the address contained in the "From:" header is obviously the "From:" sender. As you can see, in this case they don't match, and this is often the case with spam.
Given that an e-mail can have two different sender addresses, then, which one do you use in your whitelists and blacklists? The envelope sender is probably the more trustworthy of the two, since it undergoes at least a small amount of verification by the mail server, to make sure that the "example.com" domain exists, for instance. By contrast, the "From:" header contents are ''never'' verified by the mail server--they're accepted exactly as they are, since they're considered part of the mail itself. That means that the "From:" header can be a complete work of fiction, and it often is.
Maia's Whitelist and Blacklist Features
Maia's whitelists and blacklists operate on the envelope sender, so in this case it's "larry@…" that it would be trying to match against your whitelists and blacklists, not "president@…". If you're not sure what the envelope sender address is for a given e-mail, there are a couple of easy ways to find out:
1. Check the "Return-Path:" header, which your mail server may have added to the mail when it was received. This header usually contains the envelope sender.
2. Look at the address that appears in the "From" column of any of Maia's quarantines or caches. Maia always displays the envelope sender address, except on the Mail Viewer page, where you'll see the "From:" header shown.
Spammers aren't the only ones who may use a different envelope sender and "From:" sender. Mailing lists in particular tend to do this to make it clear who the individual sender was (shown in the "From:" header), while making sure that any bounces get sent back to the mailing list software with a unique identifier, so that a recipient can be unsubscribed automatically after enough such bounces. You'll see something like:
Return-Path: <users-return-39709-you=yourdomain.tld@spamassassin.apache.org> ... From: John Q. Public <jpublic@example.com>
The frustrating part about mailing lists like this is that the unique identifier (the "39709" in the example above) makes it difficult to whitelist or blacklist without support for wildcards. Wildcard support was added in [1039] and will be included in the 1.0.2 release. In the meantime your only reasonable solution in cases like that is to whitelist or blacklist the entire domain, e.g. "@spamassassin.apache.org".
When mail arrives from a whitelisted sender, Maia bypasses spam-checking for that item entirely--SpamAssassin is not called, the mail is not assigned a score, and it appears in the logs as "WHITELISTED". Likewise, when mail arrives from a blacklisted sender, it shows up in the logs as "BLACKLISTED". The key difference is that whitelisted items are ultimately delivered (unless they're found to contain viruses, banned attachments, or bad headers), and blacklisted items are quietly discarded.
SpamAssassin's Whitelist and Blacklist Features
While it isn't recommended, if you decide you also want to whitelist or blacklist based on the "From:" sender, you can do this with SpamAssassin by adding whitelist_from/blacklist_from entries to your local.cf file:
whitelist_from joe@example.com whitelist_from *@renaissoft.com blacklist_from spammer@example.com
Note that these SpamAssassin whitelists and blacklists merely bias the mail's score downward or upward by 100 points, in the hope of forcing the total score into the proper range for non-spam or spam, respectively. The mail is still spam-checked as usual, so there's no resource savings by doing so. These whitelist and blacklist entries are not accessible from the Maia web interface, either, so they can only be set globally by the system administrator by manually editing the local.cf file and restarting amavisd-maia.
