TERMINOLOGY EnvelopeFrom pseudo-header: Set from SMTP "From". Envelope-Sender Resent-Sender X-Envelope-From From envelope_sender_header IMPORTANT settings, according to http://wiki.apache.org/spamassassin/ImportantInitialConfigItems Defaults all seem fine with a 1 SERVER network. internal_networks and trusted_networks (the former is a substet) Don't set to your entire network, since Trojan horses... use_bayes rewrite_header, add_header ok_locales dns_available I manually tested and verified that blacklist_from testa are applied to both the SMTP "From" and the "From:" header. Appears that, at least with the Suse RPM, the Exim customization at http://wiki.apache.org/spamassassin/EnvelopeSenderInReceived is entirely unnecessary, since it already writes the "envelope-from" clause to Received headers. So, since Exim is writing the envelope-from to Received, does SA automatically populate EnvelopeFrom from this????? Test shows YES. The config files are parsed by Perl somehow, so make sure to escape "@" exactly like you have to in perl. The standard test rules require use of RE, like blah =~ /regex/ (or !~). Seems they don't allow literals or simple "=" or "==". add_header works when spamassassin or spamc run manually, but not when invoked by Exim. (I have made sure than spamd has restarted). THEY RECOMMEND AGAINST whitelist_from + blacklist_from, which test given addr against several sender fields. blacklist_from is WHAT YOU SHOULD DO! The warnings are about whitelisting! RECOMMEND ***For Whitelisting***! (where X = "black" or "white"). whitelist_auth (NO SUCH THING FOR blacklists!) (This just defers to 3 plugin-specific directives). "other authenticated Xlisting methods" whitelist_from_rcvd Narrows reg. Xlist to specified mail server (or superdomain of mail servers). (NO SUCH THING FOR blacklists!) def_Xlist_from_rcvd???? Says it applies to SA-distro-supplied Xlists, yet you must specify the addr. ?? GOOD PERFORMANCE OPTIMIZATION lock_method flock If know that lock file will never be on NFS. AFTER EDITING ANY CONFIG FILES Run "spamassassin --lint", then restart "spamd" once lint is clean. SpamAssassin for RH 7.3 w/ Perl 5.6 Make sure the following RH RPMs are installed perl (5.6.x) perl-HTML-Tagset perl-HTML-Parser perl-Digest-MD5 perl-MIME-Base64 Get and install following perl modules from CPAN. Test::Harness (Should be in Perl 5.6.x!!! Perhaps it needs not the Harness.pm that comes with Perl 5.6.x, but the Harness directories.) Test::Simple (This includes Test::More) Digest::SHA1 Digest::HMAC Net::DNS Install RPMs spamassassin-2.42-3.i386.rpm perl-Mail-SpamAssassin-2.42-3.i386.rpm (this contains the base SpamAssassin perl modules, not external required or optional perl modules. I don't know why it's not bundled in the main rpm). (Do not need spamassassin-tools unless you want to optimze the scores from mail archives, or to use an SQL database for user settings). Download spamass-milter-*.tar.gz from http://savannah.nongnu.org/download/spamass-milt/ blacklist_from checks all of Envelope-Sender Resent-Sender X-Envelope-From From (I think??? this is From:) I think does NOT check SMTP From. Very difficult to test this without changing a whole mess of rules which intend to make messages from our own network and customers, automatically pass.