Bug in black/whitelist spam rules

Julian Field mailscanner at ecs.soton.ac.uk
Mon Feb 17 12:33:18 GMT 2003


At 12:16 17/02/2003, you wrote:
>Indeed but the mail to www at ecem.com. is not being recognized or treated
>as blacklisted by MailScanner because the address www at ecem.com is in my
>blacklist without a dot at the end.

Ah! Now I see the point. Sorry, I missed the "." the first time around.
Will fix this for the next release.



>On Mon, 17 Feb 2003, Julian Field wrote:
>
> > That doesn't seem to show anything wrong. You received 1 message to
> > e at ecem.com and another to www at ecem.com.
> >
> > At 10:05 17/02/2003, you wrote:
> > >Hi Julian,
> > >
> > >Sorry I'm writing to you offlist but some spammers seem to have found a
> > >way to circumvent the black/whitelisting feature and I'm sending the
> > >output of maillog which I did not want to send on list.
> > >
> > >I have To: www at ecem.com blacklisted and deleted. Mail was still getting
> > >through.
> > >
> > >It seems that adding a dot after our domain name still generates a valid
> > >mail envelope/message but bypasses the black/whitelisting feature.
> > >
> > >This is from the maillog:
> > >
> > >Feb 16 16:08:50 linuxgw sendmail[31824]: h1GF8nEM031824: from=<admin at microsoft.com>, size=610, class=0, nrcpts=1, msgid=<3$a5166$09--$j05f at 5vfo88>>, proto=SMTP, daemon=MTA, relay=h-66-134-36-76.HSTQTX02.covad.net [66.134.36.76]
> > >Feb 16 16:08:50 linuxgw sendmail[31824]: h1GF8nEM031824: to=<e at ecem.com>, delay=00:00:00, mailer=esmtp, pri=30542, stat=queued
> > >Feb 16 16:08:50 linuxgw sendmail[31825]: h1GF8nEM031825: from=<admin at microsoft.com>, size=625, class=0, nrcpts=1, msgid=<3e00v$l4vo$h73-tgo7t8140-5--fu8 at uci2a99j.o2uy>>, proto=SMTP, daemon=MTA, relay=h-66-134-36-76.HSTQTX02.covad.net [66.134.36.76]
> > >Feb 16 16:08:50 linuxgw sendmail[31825]: h1GF8nEM031825: to=<ecem at ecem.com>, delay=00:00:00, mailer=esmtp, pri=30557, stat=queued
> > >Feb 16 16:08:51 linuxgw MailScanner[30099]: New Batch: Scanning 2 messages, 2172 bytes
> > >Feb 16 16:08:52 linuxgw MailScanner[30099]: Spam Checks: Found 2 spam messages
> > >Feb 16 16:08:52 linuxgw MailScanner[30099]: Virus and Content Scanning: Starting
> > >Feb 16 16:09:00 linuxgw sendmail[31827]: h1GF8xEM031827: from=<admin at microsoft.com>, size=623, class=0, nrcpts=1, msgid=<78uc9130p-7wrw$4ft$-f8-$5u--s$8 at aif6v33>>, proto=SMTP, daemon=MTA, relay=h-66-134-36-76.HSTQTX02.covad.net [66.134.36.76]
> > >Feb 16 16:09:00 linuxgw sendmail[31827]: h1GF8xEM031827: to=<www at ecem.com.>, delay=00:00:01, mailer=esmtp, pri=30555, stat=queued
> > >
> > >
> > >Hope this is helpful.
> > >
> > >Best regards,
> > >Remco
> > >
> > >
> > >--
> > >This message has been scanned for viruses and
> > >dangerous content by MailScanner, and is
> > >believed to be clean.
> >
> >
>
>

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
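
The mismatch reported in this thread, as an added example that is not part of the original messages and not MailScanner's code: an exact-string list lookup misses a recipient whose domain carries a trailing dot, while a lookup that canonicalizes both sides first catches it. The function names and the example.com addresses are constructed for illustration, and treating the local part as case-insensitive is an assumption.

```python
# Added illustration; helper names are hypothetical, not MailScanner functions.

def normalize_address(addr: str) -> str:
    """Canonicalize an envelope address before comparing it with list entries."""
    addr = addr.strip().strip("<>").strip()
    local, sep, domain = addr.rpartition("@")
    if not sep:
        # No domain part (e.g. a bare local recipient): only fold case.
        return addr.lower()
    # "example.com." is the rooted (absolute) spelling of "example.com".
    # The MTA delivers both to the same mailbox, so the filter must treat
    # them as the same name. Domains are case-insensitive; folding the
    # local part as well is an assumption made for list matching.
    domain = domain.rstrip(".").lower()
    return f"{local.lower()}@{domain}"


def naive_is_listed(rcpt: str, blacklist: set) -> bool:
    """Exact string comparison, the behaviour described in the report."""
    return rcpt.strip("<>") in blacklist


def is_listed(rcpt: str, blacklist: set) -> bool:
    """Compare canonical forms of both the recipient and every list entry."""
    canonical = {normalize_address(entry) for entry in blacklist}
    return normalize_address(rcpt) in canonical


# Constructed sample data, modelled on the to=<...> fields in the maillog.
BLACKLIST = {"www@example.com"}
RECIPIENTS = [
    "<www@example.com>",
    "<www@example.com.>",   # trailing dot: same mailbox, different string
    "<WWW@Example.COM.>",
    "<e@example.com>",      # not listed at all
]


def compare():
    """Return (recipient, naive result, normalized result) per sample."""
    return [(r, naive_is_listed(r, BLACKLIST), is_listed(r, BLACKLIST))
            for r in RECIPIENTS]


if __name__ == "__main__":
    for rcpt, naive, fixed in compare():
        print(f"{rcpt:24} naive={naive!s:5} normalized={fixed}")
```

Normalizing the list entries as well as the recipient means an entry written with a trailing dot also matches the undotted address.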


