Catch 22 Whitelist & BlackList

Julian Field mailscanner at ecs.soton.ac.uk
Wed Apr 16 14:16:41 IST 2003


I think I'm getting confused by my own code as well :-)

Whitelist       Blacklist       Result
no                   no                 Do all RBL checks and SpamAssassin
checks
yes                 no                  yes (whitelist)
no                   yes                yes (blacklist)
yes                  yes               yes (whitelist)

To make an entire domain whitelisted, except for one user who is to be
blacklisted:
In the whitelist put this:
         From:   user at domain.com     no
         From:   *@domain.com            yes
In the blacklist put this:
         From:   user at domain.com         yes

At 13:52 16/04/2003, you wrote:
>Then my example does not work. Based on what you say, if I am understanding
>you correctly, by putting this individual user (a member of the domain) in
>the whitelist as a "no" before the entire domain, which has "yes" will cause
>the whitelisting parameter to be effective and never check the blacklist,
>where the user is flagged as "yes". Correct? Or are you saying once the
>first whitelist rule match is made, the blacklist is then consulted? "Yes"
>matches would become inclusive (or decisive, whichever makes more sense) and
>"No" matches are exclusive?
>
>The table below is a better way of asking
>
>Whitelist      Blacklist        Result
>no                 no                  no
>yes               no                  yes (whitelist)
>no                 yes                yes(blacklist)   -   my example
>yes               yes                yes(whitelist)   -   your reply
>
>I realize that the first and last table entries are not logical, but this
>covers all bases. What I am trying to do is exclude a single user from being
>whitelisted from the following domain catch-all whitelisting and flag that
>particular user as a blacklisted user. I need both situations met.
>
>It seems to work sometimes and other times not. I'm still not sure of when
>either of these times occur.
>
>Sorry that this seems to be such a simple thing, and so hard to understand.
>Your reply "if so, then get out and don't do any more spam checks" has me a
>little confused as to whether you meant  "any more spam checks" or "any more
>spam checks in this ruleset, but continue to the next ruleset".
>
>Thanks for the time and effort!
>Steve Campbell
>campbell at cnpapers.com
>
>
>
>----- Original Message -----
>From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
>To: <MAILSCANNER at JISCMAIL.AC.UK>
>Sent: Tuesday, April 15, 2003 4:31 PM
>Subject: Re: Catch 22 Whitelist & BlackList
>
>
> > At 18:55 15/04/2003, you wrote:
> > >Clarification then, please:
> > >
> > >A match for a "yes" and a match for a "no" are both matches, and will
>then
> > >terminate the scan through the table of whitelists and proceed to the
> > >blacklist to scan for matches (which you have indicated will override the
> > >whitelist match)?
> >
> > The rules are processed in top to bottom order until any rule matches
> > (whether it's a yes or a no). If no rule matches after all have been
>tried,
> > the "default" rule value is used.
> >
> > I'm just checking the code right now. What happens is this:
> > Is the sender address whitelisted? If so, then get out and don't do any
> > more spam checks.
> > Is the sender address blacklisted? If so, then get out and don't do any
> > more spam checks.
> > Do the RBL checks, then the SA checks.
> >
> > So my previous message was wrong. The whitelist is done first.
> > Having "yes" in the whitelist and "yes" in the blacklist will cause the
> > message to be whitelisted.
> >
> > >I have to say to all: I never imagined the many ways to use MailScanner
>when
> > >I first started using it. The flexibility of this application is amazing
> > >once you learn the ins and outs.
> >
> > The configuration system is not quite as flexible as I would like (you
> > can't write expressions in it) but it's 99% there, which is quite good
> > enough for most people most of the time. And if I had written expression
> > support in it, I bet that only a few people would ever work out how to use
> > it anyway. Which is why the Custom Function support is there, so you can
> > implement anything else you like.
> >
> > >Thank you very much
> >
> > Pleasure.
> >
> > >----- Original Message -----
> > >From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
> > >To: <MAILSCANNER at JISCMAIL.AC.UK>
> > >Sent: Monday, April 14, 2003 3:27 PM
> > >Subject: Re: Catch 22 Whitelist & BlackList
> > >
> > >
> > > > The rules are processed in top to bottom order. The default rule is
>used
> > > > only if none of the other rules match. The whitelist check is done
>before
> > > > the blacklist check, and will over-ride it.
> > > >
> > > > At 19:50 14/04/2003, you wrote:
> > > > >We have someone spoofing mail to and from a particular user at one of
>our
> > > > >domains. I would like to get rid of all of this mail. Some of this is
> > > > >spoofed to the user and some is bounced back to the user. I can not
> > >locate
> > > > >where it is originating. If I set up whitelisting such as:
> > > > >
> > > > >FromOrTo:    <mailto:BadUser at our.domain>BadUser at our.domain    no
> > > > >FromOrTo:    <mailto:*@our.domain>*@our.domain    yes
> > > > >FromOrTo:    default    no
> > > > >
> > > > >and blacklist such as:
> > > > >
> > > > >FromOrTo:    <mailto:BadUser at our.domain>BadUser at our.domain    yes
> > > > >FromOrTo:    default    no
> > > > >
> > > > >Will this allow all mail from everyone at our.domain to pass either
>way
> > > > >with the exception of <mailto:BadUser at our.domain>BadUser at our.domain?
> > > > >
> > > > >Steve Campbell
> > > > ><mailto:campbell at cnpapers.com>campbell at cnpapers.com
> > > >
> > > > --
> > > > Julian Field
> > > > www.MailScanner.info
> > > > Professional Support Services at www.MailScanner.biz
> > > > MailScanner thanks transtec Computers for their support
> >
> > --
> > Julian Field
> > www.MailScanner.info
> > Professional Support Services at www.MailScanner.biz
> > MailScanner thanks transtec Computers for their support

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support



More information about the MailScanner mailing list