Unexpected whitelisting behaviour

Julian Field mailscanner at ecs.soton.ac.uk
Thu Dec 11 13:47:51 GMT 2003 

At 12:44 11/12/2003, you wrote:
>A colleague here sent me a message from the Dilbert website. It was a
>message containing a link to a cartoon I might enjoy. The message itself
>was unexceptional.
>
>However I noticed that the message headers did not contain the usual
>
>  X-Newcastle-MailScanner-SpamScore: ss...

That will only happen if MS thinks it is spam.

>header. This implies that the envelope sender domain/IP was whitelisted.
>Am I correct in this supposition?

No. If it would have been spam, but was whitelisted, then it would say it
was whitelisted.

>Both the message headers and the Sendmail logs show that the envelope
>sender address is "A.N.Other at ncl.ac.uk". Ignore the local part which I
>have changed and focus on the domain part which is one of our mail
>domains.
>
>The message clearly originated at the Dilbert web site as is evident
>from both the Sendmail logs and the message headers but the Dilbert site
>apparently allows the user to specify their own reply address and that
>it makes this address the envelope sender address. So far so good.
>
>Now here is the curious thing: I whitelist all mail originating at this
>site by IP address and NOT by domain. So I am perplexed as to how this
>message from an off-site IP address, but containing our domain in the
>envelope sender address, was apparently whitelisted when it was received
>by our mail relays. It should not have been whitelisted!
>
>I have got the user to repeat what she did and received a similar
>message showing the same behaviour via another one of our MX hosts. So
>it appears to be a  consistent fault. I am running with MS 4.24-5 and
>Sendmail.
>
>Quentin
>---
>PHONE: +44 191 222 8209    Information Systems and Services (ISS),
>                            University of Newcastle,
>                            Newcastle upon Tyne,
>FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
>------------------------------------------------------------------------
>"Any opinion expressed above is mine. The University can get its own."

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

More information about the MailScanner mailing list