Bug in black/whitelist spam rules

Julian Field mailscanner at ecs.soton.ac.uk
Mon Feb 17 13:42:51 GMT 2003


Here is a patch to Config.pm to solve this problem. It will be included in
the next release.
Let me know if you have any problems with it.

--- /usr/lib/MailScanner/MailScanner/Config.pm  Sun Feb  2 11:14:04 2003
+++ Config.pm   Mon Feb 17 13:46:05 2003
@@ -1059,6 +1059,8 @@
    $rule =~ s/\@/\\@/g;
    $rule =~ s/\./\\./g;
    $rule =~ s/\*/.*/g;
+  # and tack on the optional "." at the end
+  $rule .= '\.?';
    # and tack on the start+end anchors
    $rule = '^' . $rule . '$';
    ('t',$rule);
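Review bot: the appended '\.?' only covers a trailing dot on the address side, not on the rule side. A rule the admin typed with a trailing dot (for example "www@ecem.com.") has already had that dot escaped by the s/\./\\./g line above, so after this change it ends in '\.\.?' and still requires at least one dot, which means it misses the dot-less address. Suggest stripping a single trailing "." from $rule before the escaping steps so both spellings of the rule behave the same. The new comment could also say why the dot is optional (the address may be written with the DNS root dot), since "tack on the optional '.'" does not explain the bypass it closes.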


At 12:33 17/02/2003, you wrote:
>At 12:16 17/02/2003, you wrote:
>>Indeed but the mail to www at ecem.com. is not being recognized or treated
>>as blacklisted by MailScanner because the address www at ecem.com is in my
>>blacklist without a dot at the end.
>
>Ah! Now I see the point. Sorry, I missed the "." the first time around.
>Will fix this for the next release.
>
>
>
>>On Mon, 17 Feb 2003, Julian Field wrote:
>>
>> > That doesn't seem to show anything wrong. You received 1 message to
>> > e at ecem.com and another to www at ecem.com.
>> >
>> > At 10:05 17/02/2003, you wrote:
>> > >Hi Julian,
>> > >
>> > >Sorry I'm writing to you offlist but some spammers seem to have found a
>> > >way to circumvent the black/whitelisting feature and I'm sending the
>> > >output of maillog which I did not want to send on list.
>> > >
>> > >I have To: www at ecem.com blacklisted and deleted. Still, mail was getting
>> > >through.
>> > >
>> > >It seems that adding a dot after our domain name still generates a valid
>> > >mail envelope/message but bypasses the black/whitelisting feature.
>> > >
>> > >This is from the maillog:
>> > >
>> > >Feb 16 16:08:50 linuxgw sendmail[31824]: h1GF8nEM031824:
>> > >from=<admin at microsoft.com>, size=610, class
>> > >=0, nrcpts=1, msgid=<3$a5166$09--$j05f at 5vfo88>>, proto=SMTP, daemon=MTA,
>> > >relay=h-66-134-36-76.HSTQTX
>> > >02.covad.net [66.134.36.76]
>> > >Feb 16 16:08:50 linuxgw sendmail[31824]: h1GF8nEM031824: to=<e at ecem.com>,
>> > >delay=00:00:00, mailer=esm
>> > >tp, pri=30542, stat=queued
>> > >Feb 16 16:08:50 linuxgw sendmail[31825]: h1GF8nEM031825:
>> > >from=<admin at microsoft.com>, size=625, class
>> > >=0, nrcpts=1, msgid=<3e00v$l4vo$h73-tgo7t8140-5--fu8 at uci2a99j.o2uy>>,
>> > >proto=SMTP, daemon=MTA, relay=
>> > >h-66-134-36-76.HSTQTX02.covad.net [66.134.36.76]
>> > >Feb 16 16:08:50 linuxgw sendmail[31825]: h1GF8nEM031825:
>> > >to=<ecem at ecem.com>, delay=00:00:00, mailer=
>> > >esmtp, pri=30557, stat=queued
>> > >Feb 16 16:08:51 linuxgw MailScanner[30099]: New Batch: Scanning 2
>> > >messages, 2172 bytes
>> > >Feb 16 16:08:52 linuxgw MailScanner[30099]: Spam Checks: Found 2 spam
>> > >messages
>> > >Feb 16 16:08:52 linuxgw MailScanner[30099]: Virus and Content Scanning:
>> > >Starting
>> > >Feb 16 16:09:00 linuxgw sendmail[31827]: h1GF8xEM031827:
>> > >from=<admin at microsoft.com>, size=623, class
>> > >=0, nrcpts=1, msgid=<78uc9130p-7wrw$4ft$-f8-$5u--s$8 at aif6v33>>,
>> > >proto=SMTP, daemon=MTA, relay=h-66-1
>> > >34-36-76.HSTQTX02.covad.net [66.134.36.76]
>> > >Feb 16 16:09:00 linuxgw sendmail[31827]: h1GF8xEM031827:
>> > >to=<www at ecem.com.>, delay=00:00:01, mailer=
>> > >esmtp, pri=30555, stat=queued
>> > >
>> > >
>> > >Hope this is helpful.
>> > >
>> > >Best regards,
>> > >Remco
>> > >
>> > >
>> > >--
>> > >This message has been scanned for viruses and
>> > >dangerous content by MailScanner, and is
>> > >believed to be clean.
>> >
>> >
>>
>>
>>--
>>This message has been scanned for viruses and
>>dangerous content by MailScanner, and is
>>believed to be clean.
>
>--
>Julian Field
>www.MailScanner.info
>MailScanner thanks transtec Computers for their support

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
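
The rule-to-regex conversion before and after the patch, as an added example (not MailScanner's own code; the sub names rule_to_regex and strip_root_dot and the sample rules and addresses are constructed for illustration). It also runs a rule that was itself written with a trailing dot, and a variant that strips the dot from both rule and address before matching.

```perl
#!/usr/bin/perl
# Added illustration, not MailScanner source. Sub names are hypothetical.
use strict;
use warnings;

# Turn an address rule into an anchored regex using the three
# substitutions visible in the patch context. When $allow_dot is true,
# append the optional trailing dot that the patch introduces.
sub rule_to_regex {
    my ($rule, $allow_dot) = @_;
    $rule =~ s/\@/\\@/g;     # escape the @
    $rule =~ s/\./\\./g;     # escape literal dots
    $rule =~ s/\*/.*/g;      # * becomes "any run of characters"
    $rule .= '\.?' if $allow_dot;
    return '^' . $rule . '$';
}

# Assumption for this example: removing one trailing root dot gives a
# form that can be compared on both the rule and the address side.
sub strip_root_dot {
    my ($s) = @_;
    $s =~ s/\.$//;
    return $s;
}

# Returns 'hit' or 'miss' for one address against one compiled pattern.
sub verdict {
    my ($addr, $pattern) = @_;
    return $addr =~ /$pattern/ ? 'hit' : 'miss';
}

# Constructed sample data modelled on the addresses in the thread.
my @rules = ('www@ecem.com', 'www@ecem.com.', '*@ecem.com');
my @addrs = ('www@ecem.com', 'www@ecem.com.');

printf "%-15s %-15s %-9s %-8s %s\n",
    'rule', 'address', 'unpatched', 'patched', 'stripped';
for my $rule (@rules) {
    for my $addr (@addrs) {
        printf "%-15s %-15s %-9s %-8s %s\n", $rule, $addr,
            verdict($addr, rule_to_regex($rule, 0)),
            verdict($addr, rule_to_regex($rule, 1)),
            verdict(strip_root_dot($addr),
                    rule_to_regex(strip_root_dot($rule), 0));
    }
}
```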


