Whitelist Problem - Still!
Julian Field
mailscanner at ecs.soton.ac.uk
Wed Aug 14 18:11:28 IST 2002
At 17:56 14/08/2002, you wrote:
> > At 10:57 13/08/2002, you wrote:
> >>On Mon, 12 Aug 2002 18:31:37 PST, you wrote:
> >>
> >> >Return-Path: <owner-mailscanner at JISCMAIL.AC.UK>
> >>
> >>This is taken from the enveloppe sender (mail from:).
> >
> > Not always present. In sendmail you need a flag in the definition of the
>"local" mailer to do this.
> >
> >> >Received: from smtp.jiscmail.ac.uk (smtp.jiscmail.ac.uk
> >> [130.246.192.48])
> >> > by netlx010.civ.utwente.nl (8.11.4/HKD) with ESMTP id
> >> g7D3s7E10837 for <P.G.M.Peters at CIV.UTWENTE.NL>; Tue, 13 Aug
> >> 2002 05:54:07 +0200
> >>
> >>This address was present in the enveloppe header as the recipient (rcpt
> >> to:)
> >
> > You have to ensure you use the last one of these (i.e. the first in the
>headers) as it gets changed by ".forward" files and mailing list
>exploders.
> >
> >> >From: Nathan Johanson <nathan at tcpnetworks.net>
> >>
> >>This is the From: header in the message.
> >>
> >> >To: MAILSCANNER at JISCMAIL.AC.UK
> >>
> >>And this is the To: header in the message.
> >>
> >> >X-UTwente-MailScanner: Found to be clean
> >> >X-UTwente-MailScanner-SpamCheck: RFC-IGNORANT-WHOIS
> >> >
> >> >Is it possible for someone to illustrate the difference between the
> >> "envelope sender address" versus the "From" header?
> >> >
> >> >Maybe grab a full email header, paste it into a reply to the list,
> >> and point out which is which? This seems like a recurring question and
>now I'm even beginning to question my own understanding of it. it might
>even be a good item for the FAQ. If I was convinced I
> >> understood it, I would write it myself :)
> >>
> >>I included the relevant headers from your mail message. :-)
> >>
> >>And the correspondenting log-lines (removed irrelevant information):
> >> |g7D3s7E10837: from=<owner-mailscanner at JISCMAIL.AC.UK>,
> >>|g7D3s7E10837: to=<P.G.M.Peters at CIV.UTWENTE.NL>, delay=00:00:00,
> >
> > --
> > Julian Field Teaching Systems Manager
> > jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science Tel.
>023 8059 2817 University of Southampton
> > Southampton SO17 1BJ
>
>
>I'm still having problems getting the spam.whitelist.conf file to work. I
>must be doing something really obviously wrong but I can't see it.
>
>Here's what I have in spam.whitelist.conf
>
># The following examples show what can be done here:
>#From: jkf at ecs.soton.ac.uk
>#From: JulianField.net
>#From: *.ecs.soton.ac.uk
>#To: spam@*
>#To: abuse at your.domain.com
>From: lyris.gamespy.com
>
>
>and here's a couple of lines for my miallog...
>
>Aug 12 08:54:33 tiger sendmail[22724]: g7CCsWZ22724:
>from=<bounce-portal-daily-html-7473066 at lyris.gamespy.com>, size=35280,
>class=0,nrcpts=1,
>msgid=<LISTMANAGER-7473066-5970396-2002.08.12-00.12.19--gerry#dorfam.ca at lyris.gamespy.com>,
>proto=SMTP, daemon=MTA, relay=lyris.gamespy.com [207.38.1.8]
>
>Aug 12 08:54:49 tiger mailscanner[22583]: Scanning 1 messages, 35746 bytes
>
>
>Aug 12 08:54:53 tiger mailscanner[22583]: Message g7CCsWZ22724 from
>207.38.1.8 (lyris.gamespy.com) is spam according to SpamAssassin
>(score=24.2, required 7, MSGID_CHARS_SPAM, PLING, DOUBLE_CAPSWORD,
>CLICK_BELOW, HTTP_WITH_EMAIL_IN_URL, UNSUB_PAGE, SUPERLONG_LINE,
>HTML_WITH_BGCOLOR, BIG_FONT, MAILTO_LINK, TRACKER_ID, RELAYING_FRAME,
>JAVASCRIPT, CLICK_HERE_LINK, MIME_EXCESSIVE_QP, FROM_AND_TO_SAME,
>CTYPE_JUST_HTML, AWL)
>
>
>Why was this message still marked as spam? Shouldn't it have been
>whitelisted and passed through without checking?
You haven't got
Always Include SpamAssassin Header = yes
have you?
Can you grab one of the messages (use "Archive Mail" preferably) and send
it to me please? I'll run it through my system and see if it works or not.
--
Julian Field Teaching Systems Manager
jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
Tel. 023 8059 2817 University of Southampton
Southampton SO17 1BJ
More information about the MailScanner
mailing list