Catch 22 Whitelist & BlackList

Stephe Campbell campbell at CNPAPERS.COM
Wed Apr 16 13:52:39 IST 2003

Then my example does not work. Based on what you say, if I am understanding
you correctly, by putting this individual user (a member of the domain) in
the whitelist as a "no" before the entire domain, which has "yes" will cause
the whitelisting parameter to be effective and never check the blacklist,
where the user is flagged as "yes". Correct? Or are you saying once the
first whitelist rule match is made, the blacklist is then consulted? "Yes"
matches would become inclusive (or decisive, whichever makes more sense) and
"No" matches are exclusive?

The table below is a better way of asking

Whitelist      Blacklist        Result
no                 no                  no
yes               no                  yes (whitelist)
no                 yes                yes(blacklist)   -   my example
yes               yes                yes(whitelist)   -   your reply

I realize that the first and last table entries are not logical, but this
covers all bases. What I am trying to do is exclude a single user from being
whitelisted from the following domain catch-all whitelisting and flag that
particular user as a blacklisted user. I need both situations met.

It seems to work sometimes and other times not. I'm still not sure of when
either of these times occur.

Sorry that this seems to be such a simple thing, and so hard to understand.
Your reply "if so, then get out and don't do any more spam checks" has me a
little confused as to whether you meant  "any more spam checks" or "any more
spam checks in this ruleset, but continue to the next ruleset".

Thanks for the time and effort!
Steve Campbell
campbell at

----- Original Message -----
From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
Sent: Tuesday, April 15, 2003 4:31 PM
Subject: Re: Catch 22 Whitelist & BlackList

> At 18:55 15/04/2003, you wrote:
> >Clarification then, please:
> >
> >A match for a "yes" and a match for a "no" are both matches, and will
> >terminate the scan through the table of whitelists and proceed to the
> >blacklist to scan for matches (which you have indicated will override the
> >whitelist match)?
> The rules are processed in top to bottom order until any rule matches
> (whether it's a yes or a no). If no rule matches after all have been
> the "default" rule value is used.
> I'm just checking the code right now. What happens is this:
> Is the sender address whitelisted? If so, then get out and don't do any
> more spam checks.
> Is the sender address blacklisted? If so, then get out and don't do any
> more spam checks.
> Do the RBL checks, then the SA checks.
> So my previous message was wrong. The whitelist is done first.
> Having "yes" in the whitelist and "yes" in the blacklist will cause the
> message to be whitelisted.
> >I have to say to all: I never imagined the many ways to use MailScanner
> >I first started using it. The flexibility of this application is amazing
> >once you learn the ins and outs.
> The configuration system is not quite as flexible as I would like (you
> can't write expressions in it) but it's 99% there, which is quite good
> enough for most people most of the time. And if I had written expression
> support in it, I bet that only a few people would ever work out how to use
> it anyway. Which is why the Custom Function support is there, so you can
> implement anything else you like.
> >Thank you very much
> Pleasure.
> >----- Original Message -----
> >From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
> >Sent: Monday, April 14, 2003 3:27 PM
> >Subject: Re: Catch 22 Whitelist & BlackList
> >
> >
> > > The rules are processed in top to bottom order. The default rule is
> > > only if none of the other rules match. The whitelist check is done
> > > the blacklist check, and will over-ride it.
> > >
> > > At 19:50 14/04/2003, you wrote:
> > > >We have someone spoofing mail to and from a particular user at one of
> > > >domains. I would like to get rid of all of this mail. Some of this is
> > > >spoofed to the user and some is bounced back to the user. I can not
> >locate
> > > >where it is originating. If I set up whitelisting such as:
> > > >
> > > >FromOrTo:    <mailto:BadUser at our.domain>BadUser at our.domain    no
> > > >FromOrTo:    <mailto:*@our.domain>*@our.domain    yes
> > > >FromOrTo:    default    no
> > > >
> > > >and blacklist such as:
> > > >
> > > >FromOrTo:    <mailto:BadUser at our.domain>BadUser at our.domain    yes
> > > >FromOrTo:    default    no
> > > >
> > > >Will this allow all mail from everyone at our.domain to pass either
> > > >with the exception of <mailto:BadUser at our.domain>BadUser at our.domain?
> > > >
> > > >Steve Campbell
> > > ><mailto:campbell at>campbell at
> > >
> > > --
> > > Julian Field
> > >
> > > Professional Support Services at
> > > MailScanner thanks transtec Computers for their support
> --
> Julian Field
> Professional Support Services at
> MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list