Unexpected whitelisting behaviour

Quentin Campbell Q.G.Campbell at NEWCASTLE.AC.UK
Thu Dec 11 12:44:17 GMT 2003

A colleague here sent me a message from the Dilbert website. It was a
message containing a link to a cartoon I might enjoy. The message itself
was unexceptional.

However I noticed that the message headers did not contain the usual
 X-Newcastle-MailScanner-SpamScore: ss...

header. This implies that the envelope sender domain/IP was whitelisted.
Am I correct in this supposition?

Both the message headers and the Sendmail logs show that the envelope
sender address is "A.N.Other at ncl.ac.uk". Ignore the local part which I
have changed and focus on the domain part which is one of our mail

The message clearly originated at the Dilbert web site as is evident
from both the Sendmail logs and the message headers but the Dilbert site
apparently allows the user to specify their own reply address and that
it makes this address the envelope sender address. So far so good.

Now here is the curious thing: I whitelist all mail originating at this
site by IP address and NOT by domain. So I am perplexed as to how this
message from an off-site IP address, but containing our domain in the
envelope sender address, was apparently whitelisted when it was received
by our mail relays. It should not have been whitelisted!

I have got the user to repeat what she did and received a similar
message showing the same behaviour via another one of our MX hosts. So
it appears to be a  consistent fault. I am running with MS 4.24-5 and

PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
"Any opinion expressed above is mine. The University can get its own." 

More information about the MailScanner mailing list