Newbie Question

Julian Field mailscanner at
Sat Feb 22 08:42:41 GMT 2003

At 23:13 21/02/2003, you wrote:
>I am just new to the Ruleset concept and just need a little push.
>How do I write a ruleset to mark messages from a subnet as spam?

The rest of your questions have, I believe, been answered by others.
But to do what you want above, you effectively are asking "how do I create
a spam blacklist which will match against a range of IP's".
In MailScanner.conf, put this
Is Definitely Spam = /etc/MailScanner/rules/spam.blacklist.rules

and then in that file you can put any matches you like, including IP
address patterns. So
From:   10.10.10.*      yes
among other things. If you need to do a more complicated match against IP
addresses, rather than just a prefix, you can use any Perl regular
expressions you like, such as
From:   /^10\.10\.10\.[12345]0\./       yes
which says Matching against the start of the string, look for '10.10.10.'
followed by any of 10, 20, 30, 40, 50 followed by another '.'.

The "yes" on the end says "the result of a match against this rule is the
value yes", i.e. the message is definitely spam.

In any ruleset, always include a line like
FromOrTo:       default no
so that you specify the default value you want to give if none of the rules
match. In this case,  "no" is the sensible answer as you don't want to say
that everything is spam.

Take a look in /etc/MailScanner/rules and you will find a bit more
documentation and a few examples of what can be done.
Julian Field
MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list