Whitelist spam pattern matching in SpamAssassin

[GoWilkes]

Can any of you suggest a way to whitelist any email from a domain OR subdomain of that domain, without whitelisting a domain that just happens to end with the same string?

Eg, I get emails from [email protected] or [email protected], and possibly other subdomains of cpanel.net. I want to whitelist all variations (including those I don't know), so I do this:

whitelist_from *@*cpanel.net

But that also inadvertently whitelists, say, [email protected] (assuming a spammer is clever enough to buy a domain that ends with "cpanel.net"). And that's just one example, I currently have 29 whitelists that are like that.

I know that I could double down, like:

whitelist_from *@cpanel.net
whitelist_from *@*.cpanel.net

but before I double my list of whitelist addresses, is there a better way? Can I do some sort of pattern matching? Like:

whitelist_from *@(\w.)?cpanel.net

 

[GoWilkes]

From reading the docs, maybe?

IF (MAIL FROM =~ /@(\w\.)?cpanel\.net$)
  whitelist_from *@*cpanel.net
ENDIF

The docs briefly mention conditions, but I'm not sure if there's a predefined constant for the "from" field or if they can be used in this context.

Mail::SpamAssassin::Conf - SpamAssassin configuration file

And I really don't know if making a different condition for each one would be easier to maintain than just doubling down on the list, anyway.

 

[cPRex]

I was going to direct you to a thread that i just saw you commented out, as maybe Exim filters would be more helpful here, but I see you found that :D