User had all spam addresses auto added to SA's Whitelist

[WindyT]

I have no earthly way of knowing how, but after opening up my user's account, her spam assassin Whitelist account was 21 megs. I d/l'd it, opened it, and sure enough, every manner of spam address was inside.

Whether it was something on our server that managed to do it to her account or something on her home machine, something caused the user to have everything whitelisted. Spam Assassin doesn't work very well when something has set the whitelist to accept everything.

I deleted every file in spamassassin folder and let SA rebuild it. I'll continue to watch things.

weird.

 

[cPanelTristan]

Was this an entirely new account or was it moved from another server to that one?

 

[GregS]

"Whitelist" is a misleading name for this feature. It keeps track of the average spam score for all messages sent from a particular email address (further grouped by IP address, to avoid problems caused by spoofed emails), and adjusts the scores for new emails that match either up or down based on this. So, if you are getting a lot of spam from a particular email address, it doesn't "whitelist" this address, but rather increases the spam score of other emails from that address.

See Mail::SpamAssassin::Plugin::AWL - Normalize scores via auto-whitelist for more information.