How to properly whitelist.

Julian Field mailscanner at ecs.soton.ac.uk
Mon Dec 9 17:09:46 GMT 2002


At 16:53 09/12/2002, you wrote:
>Hello,
>
>I am getting a few false positives on several mailing lists that I
>subscribe to. Here is a header from one of them.
>
>Received: from isaiah.jcntv.com [68.15.9.22] by jcntv.com with ESMTP
>(SMTPD32-7.07) id A6724750240; Mon, 09 Dec 2002 06:19:30 -0800
>Received: from mserv7.dl.ac.uk (mail.dl.ac.uk [148.79.80.138]) by
>isaiah.jcntv.com (8.12.6/8.12.6) with ESMTP id gB9EIVx3005029 for
><eneal at bnbtv.com>; Mon, 9 Dec 2002 06:18:31 -0800
>X-DL-MFrom: <server-daemon at mserv1.dl.ac.uk>
>X-DL-Connect: <root at mserv1.dl.ac.uk [148.79.160.65]>
>Received: from mserv1.dl.ac.uk (root at mserv1.dl.ac.uk [148.79.160.65]) by
>mserv7.dl.ac.uk (8.12.6/8.12.6/[ref postmaster at dl.ac.uk]) with ESMTP id
>gB9ECquf031525; Mon, 9 Dec 2002 14:18:17 GMT
>Received: by mserv1.dl.ac.uk id OAA27614 (8.8.8/5.4[ref
>postmaster at dl.ac.uk] for dl.ac.uk from server-daemon at mserv1.dl.ac.uk);
>Mon, 9 Dec 2002 14:11:10 GMT
>Resent-From: <server-daemon at dl.ac.uk>
>Received: by mserv1.dl.ac.uk id NAA25894 (8.8.8/5.4[ref
>postmaster at dl.ac.uk] for dl.ac.uk from server-daemon at mserv1.dl.ac.uk);
>Mon, 9 Dec 2002 13:16:37 GMT
>Received: from mserv7.dl.ac.uk
>(Om3qliRVtgTG9ApZu3R/qNQQAgsi7v2i at mail.dl.ac.uk [148.79.80.138]) by
>mserv1.dl.ac.uk with ESMTP id NAA25886 (8.8.8/5.4[ref
>postmaster at dl.ac.uk] for dl.ac.uk from news at dl.ac.uk); Mon, 9 Dec 2002
>13:16:34 GMT
>Received: from mserv2.dl_sun_server (mserv2.dl.ac.uk [148.79.80.2]) by
>mserv7.dl.ac.uk (8.12.6/8.12.6/[ref postmaster at dl.ac.uk]) with ESMTP id
>gB9DGOrt028744 for <comp-news at dl.ac.uk>; Mon, 9 Dec 2002 13:16:24 GMT
>Received: (from news at localhost) by mserv2.dl_sun_server
>(8.8.8+Sun/8.8.8) id NAA28461; Mon, 9 Dec 2002 13:15:49 GMT
>Date: 09 Dec 2002 12:56:38 GMT
>Resent-Date: Mon, 9 Dec 102 14:11:0 UT
>Message-ID: <10212914110.~INN-VZDa00152.comp-news at dl.ac.uk>
>Resent-Message-ID: <slrnav94km.qb.ronny.portier at whisper.localnet.net>
>Precedence: list
>From: Ronny Portier <ronny.portier at skynetSPAM.be>
>Reply-To: Ronny Portier <ronny.portier at skynetSPAM.be>
>Sender: "comp.mail.sendmail mail newsgroup" <server-daemon at dl.ac.uk>
>To: comp.mail.sendmail mail newsgroup <comp-news at dl.ac.uk>
>Subject: {Spam?} remote and local mail
>Comments: List problems/queries to <postmaster at dl.ac.uk>
>Comments: To mail both the group and netnews send to
>(comp-mail-sendmail at dl.ac.uk)
>X-Article-Number: comp.mail.sendmail Msg # 82031
>X-Listpath: comp-news
>X-Mailer: MXT V 12.16.1
>X-DCC-servers-Metrics: isaiah 1049; Body=1 Fuz1=1 Fuz2=1
>X-MailScanner: Found to be clean
>X-MailScanner-SpamCheck: SpamAssassin (score=6, required 3,
>DATE_IN_PAST_12_24, MSGID_CHARS_WEIRD, NO_MX_FOR_FROM,
>SPAM_PHRASE_03_05)
>X-MailScanner-SpamScore: ssssss
>X-RCPT-TO: <spam at jcntv.com>
>Status: U
>X-UIDL: 337854422
>X-Evolution-Source: pop://spam@mail.jcntv.com
>Mime-Version: 1.0
>
>
>Okay, so I do not want this message to be marked as spam, but how do I
>properly whitelist it? I have already made an entry in the rules file
>that says "To:  comp-news at dl.ac.uk      yes", but still messages from this
>list are being labeled as spam. Also, is it possible to use other
>headers to whitelist with?

The addresses that matter are the *envelope* addresses not whatever someone
felt like putting in the headers. The *envelope* recipient will be you, and
the envelope sender is going to be some address where the mailing list
resides. You need to be matching on them, not the values in the headers.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support



More information about the MailScanner mailing list