Catch 22 Whitelist & BlackList

Stephe Campbell campbell at CNPAPERS.COM
Wed Apr 16 15:47:15 IST 2003 

BTW, my "Thanks loads" was sincere, not smart-assed like it may have come
across. (I got to thinking about it after I hit the send button).

Steve
----- Original Message -----
From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Wednesday, April 16, 2003 9:16 AM
Subject: Re: Catch 22 Whitelist & BlackList


> I think I'm getting confused by my own code as well :-)
>
> Whitelist       Blacklist       Result
> no                   no                 Do all RBL checks and SpamAssassin
> checks
> yes                 no                  yes (whitelist)
> no                   yes                yes (blacklist)
> yes                  yes               yes (whitelist)
>
> To make an entire domain whitelisted, except for one user who is to be
> blacklisted:
> In the whitelist put this:
>          From:   user at domain.com     no
>          From:   *@domain.com            yes
> In the blacklist put this:
>          From:   user at domain.com         yes
>
> At 13:52 16/04/2003, you wrote:
> >Then my example does not work. Based on what you say, if I am
understanding
> >you correctly, by putting this individual user (a member of the domain)
in
> >the whitelist as a "no" before the entire domain, which has "yes" will
cause
> >the whitelisting parameter to be effective and never check the blacklist,
> >where the user is flagged as "yes". Correct? Or are you saying once the
> >first whitelist rule match is made, the blacklist is then consulted?
"Yes"
> >matches would become inclusive (or decisive, whichever makes more sense)
and
> >"No" matches are exclusive?
> >
> >The table below is a better way of asking
> >
> >Whitelist      Blacklist        Result
> >no                 no                  no
> >yes               no                  yes (whitelist)
> >no                 yes                yes(blacklist)   -   my example
> >yes               yes                yes(whitelist)   -   your reply
> >
> >I realize that the first and last table entries are not logical, but this
> >covers all bases. What I am trying to do is exclude a single user from
being
> >whitelisted from the following domain catch-all whitelisting and flag
that
> >particular user as a blacklisted user. I need both situations met.
> >
> >It seems to work sometimes and other times not. I'm still not sure of
when
> >either of these times occur.
> >
> >Sorry that this seems to be such a simple thing, and so hard to
understand.
> >Your reply "if so, then get out and don't do any more spam checks" has me
a
> >little confused as to whether you meant  "any more spam checks" or "any
more
> >spam checks in this ruleset, but continue to the next ruleset".
> >
> >Thanks for the time and effort!
> >Steve Campbell
> >campbell at cnpapers.com
> >
> >
> >
> >----- Original Message -----
> >From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
> >To: <MAILSCANNER at JISCMAIL.AC.UK>
> >Sent: Tuesday, April 15, 2003 4:31 PM
> >Subject: Re: Catch 22 Whitelist & BlackList
> >
> >
> > > At 18:55 15/04/2003, you wrote:
> > > >Clarification then, please:
> > > >
> > > >A match for a "yes" and a match for a "no" are both matches, and will
> >then
> > > >terminate the scan through the table of whitelists and proceed to the
> > > >blacklist to scan for matches (which you have indicated will override
the
> > > >whitelist match)?
> > >
> > > The rules are processed in top to bottom order until any rule matches
> > > (whether it's a yes or a no). If no rule matches after all have been
> >tried,
> > > the "default" rule value is used.
> > >
> > > I'm just checking the code right now. What happens is this:
> > > Is the sender address whitelisted? If so, then get out and don't do
any
> > > more spam checks.
> > > Is the sender address blacklisted? If so, then get out and don't do
any
> > > more spam checks.
> > > Do the RBL checks, then the SA checks.
> > >
> > > So my previous message was wrong. The whitelist is done first.
> > > Having "yes" in the whitelist and "yes" in the blacklist will cause
the
> > > message to be whitelisted.
> > >
> > > >I have to say to all: I never imagined the many ways to use
MailScanner
> >when
> > > >I first started using it. The flexibility of this application is
amazing
> > > >once you learn the ins and outs.
> > >
> > > The configuration system is not quite as flexible as I would like (you
> > > can't write expressions in it) but it's 99% there, which is quite good
> > > enough for most people most of the time. And if I had written
expression
> > > support in it, I bet that only a few people would ever work out how to
use
> > > it anyway. Which is why the Custom Function support is there, so you
can
> > > implement anything else you like.
> > >
> > > >Thank you very much
> > >
> > > Pleasure.
> > >
> > > >----- Original Message -----
> > > >From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
> > > >To: <MAILSCANNER at JISCMAIL.AC.UK>
> > > >Sent: Monday, April 14, 2003 3:27 PM
> > > >Subject: Re: Catch 22 Whitelist & BlackList
> > > >
> > > >
> > > > > The rules are processed in top to bottom order. The default rule
is
> >used
> > > > > only if none of the other rules match. The whitelist check is done
> >before
> > > > > the blacklist check, and will over-ride it.
> > > > >
> > > > > At 19:50 14/04/2003, you wrote:
> > > > > >We have someone spoofing mail to and from a particular user at
one of
> >our
> > > > > >domains. I would like to get rid of all of this mail. Some of
this is
> > > > > >spoofed to the user and some is bounced back to the user. I can
not
> > > >locate
> > > > > >where it is originating. If I set up whitelisting such as:
> > > > > >
> > > > > >FromOrTo:    <mailto:BadUser at our.domain>BadUser at our.domain    no
> > > > > >FromOrTo:    <mailto:*@our.domain>*@our.domain    yes
> > > > > >FromOrTo:    default    no
> > > > > >
> > > > > >and blacklist such as:
> > > > > >
> > > > > >FromOrTo:    <mailto:BadUser at our.domain>BadUser at our.domain    yes
> > > > > >FromOrTo:    default    no
> > > > > >
> > > > > >Will this allow all mail from everyone at our.domain to pass
either
> >way
> > > > > >with the exception of
<mailto:BadUser at our.domain>BadUser at our.domain?
> > > > > >
> > > > > >Steve Campbell
> > > > > ><mailto:campbell at cnpapers.com>campbell at cnpapers.com
> > > > >
> > > > > --
> > > > > Julian Field
> > > > > www.MailScanner.info
> > > > > Professional Support Services at www.MailScanner.biz
> > > > > MailScanner thanks transtec Computers for their support
> > >
> > > --
> > > Julian Field
> > > www.MailScanner.info
> > > Professional Support Services at www.MailScanner.biz
> > > MailScanner thanks transtec Computers for their support
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list