whitelist adding

On a standard Tiger Server installation use:
/var/clamav/.spamassassin/user_prefs
for system wide whitelisting.

Add:
# whitelist everyone at fnac.fr:
whitelist_from *@fnac.fr

However, you should consider that from headers can be forged, so if a spammer where to use a forged whitelisted from header, mail would get through.

An alternative could be to add:
# whitelist everyone at fnac.fr:
whitelist fromrcvd *@fnac.fr mail.pprgroup.net
But this works only if the mail server you receive from is only one and as such it's reverse DNS lookup can be determined for verification. Be careful with this option if you do not fully understand it.

More info here:
http://spamassassin.apache.org/full/3.1.x/doc/MailSpamAssassinConf.html

I found this topic interesting and looked for samples for user_prefs and found these two files on my system:

/usr/local/share/spamassassin/user_prefs.template
/usr/share/spamassassin/user_prefs.template

These templates state as follows:

#* Note: this file is not read by SpamAssassin until copied into the user
#* directory. At runtime, if a user has no preferences in their home directory
#* already, it will be copied for them, allowing them to perform personalised
#* customisation. If you want to make changes to the site-wide defaults,
#* create a file in /etc/spamassassin or /etc/mail/spamassassin instead.

Does this mean if we place the user_prefs file either in /etc/mail/spamassassin or where you say Alex, in /var/clamav/.spamassassin/ that it will be copied to user's directories as it says?

Where are these user directories? What if we want to create user specific whitelist settings? Does this mean we need to make a home folder for the mail user's shortname and place a .spamasssassin folder in it, i.e. ~/.spamassassin/user_prefs? or is it more like the Cyrus user folder at /var/spool/imap/users/j/jay folder?