MailScanner and BlackList

John Rudd jrudd at UCSC.EDU
Mon Aug 4 08:23:22 IST 2003


On Sunday, Aug 3, 2003, at 21:46 US/Pacific, Daniel Kleinsinger wrote:

>
> If you wanted to improve it slightly, a feature I was looking for when I
> used MS for blacklists (I let SA do it now) was the ability to include
> lists of trusted MX servers (like the secondary MX for a domain, or a
> free email forwarding type server) that MS would look one step past in
> its blacklist checks.  For example, I have an account at myrealbox that
> forwards to my main email account which is protected by MS.  If I
> understand how it works now, MS only checked myrealbox's server on the
> blacklists.  It would have been cool if I could have told MS to "trust"
> myrealbox which would then make it look at the SMTP server before
> myrealbox's.  Seems like it would be a pretty simple change.  As far as
> I can tell, it would give you most of the utility of checking every
> received header, but still just requiring a single check.  Any received
> header not from a local/trusted SMTP server could be forged anyway.
>
>

It's not as simple a change as you might think.  MailScanner isn't
checking the 1st Received header.  It's checking the SMTP relay (the $_
line in the sendmail qf file).  It just so happens that, unless
something is very wrong, the SMTP relay will also be listed within the
message as the first Received header.

Adding what you're talking about wouldn't just be a matter of having it
check the 2nd instead of 1st received header, or checking received
headers 1 through N.  It would be a matter of adding support for
parsing out the received headers at all, which gets complicated because
some MTAs and forged mails have some weird received headers.  Plus,
there are messages with interruptions in their received headers.  I think
Julian's probably right in just saying "SA already does this, so why
should I bother?"  No point in re-inventing the wheel.
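
An added illustration of the "trusted relay" look-past discussed in this thread (not part of either poster's message, and not MailScanner or SpamAssassin code): start from the SMTP relay the local MTA recorded, step back through Received headers only while the current hop is trusted, and stop at anything unparseable. The function names, the trusted range and the sample message are all assumptions made for the example.

```python
import email
import ipaddress
import re

# Constructed sample message; hosts and addresses are documentation values.
SAMPLE = """\
Received: from forwarder.example.net (forwarder.example.net [192.0.2.10])
\tby mx.example.org with ESMTP; Mon, 4 Aug 2003 08:00:02 +0100
Received: from sender.example.com (unknown [198.51.100.77])
\tby forwarder.example.net with SMTP; Mon, 4 Aug 2003 08:00:01 +0100
Received: from forged.invalid ([203.0.113.5]) by sender.example.com
From: a@example.com
Subject: test

body
"""

TRUSTED = [ipaddress.ip_network("192.0.2.0/24")]  # assumed trusted forwarder

# First bracketed address literal after "from", e.g. "(host [192.0.2.10])".
FROM_IP = re.compile(r"^from\s.*?\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", re.I | re.S)

def is_trusted(ip):
    return any(ip in net for net in TRUSTED)

def relay_to_check(envelope_relay, raw_message):
    """Return the single address to look up on the blacklists.

    A Received header is believed only if the hop that wrote it is trusted,
    so headers written by the first untrusted hop are never read.
    """
    current = ipaddress.ip_address(envelope_relay)
    headers = email.message_from_string(raw_message).get_all("Received", [])
    for hdr in headers[1:]:  # headers[0] was written by our own MTA
        if not is_trusted(current):
            break
        # Look only at the "from" clause, not the "by" clause that follows it.
        from_clause = re.split(r"\sby\s", hdr, maxsplit=1)[0]
        m = FROM_IP.search(from_clause)
        if not m:
            break  # odd or interrupted header: keep the last known hop
        try:
            current = ipaddress.ip_address(m.group(1))
        except ValueError:
            break
    return str(current)

if __name__ == "__main__":
    print(relay_to_check("192.0.2.10", SAMPLE))
```
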


