Rulesets: Match first or match last?

Mariano Absatz mailscanner at LISTS.COM.AR
Fri Jul 4 15:30:11 IST 2003 

Yes,
but what Jeremy shows is that in the first example the first (non-default) 
rule should have applied but the second one did (supposedly both matched)...

Now that I see that the actual From: in Jeremy's message is 
JeremyE at BSA.CA.GOV I wonder... are you upcasing or lowcasing e-mail addresses 
before matching rules?...

This is kind of PITA, since domain names are case insensitive by definition, 
but the case sensitivity of the local part is a harder issue...

RFC 2821 (SMTP) says (sect.2.4, page 14):

                                   [...] The local-part of a mailbox
   MUST BE treated as case sensitive.  Therefore, SMTP implementations
   MUST take care to preserve the case of mailbox local-parts.  Mailbox
   domains are not case sensitive.  In particular, for some hosts the
   user "smith" is different from the user "Smith".  However, exploiting
   the case sensitivity of mailbox local-parts impedes interoperability
   and is discouraged.

So we shouldn't change the localpart (the part before the "@"), but then, 
most mail servers treat it as case-insensitive.

In any case, if we decide that we should lowcase the addresses before doing 
any comparisons inside MailScanner, we should preserve the _original_ 
envelope SMTP from and to addresses and use that whenever delivering/copying 
the message for delivering it... I think this is what is being done today, 
but I don't remember...


El 4 Jul 2003 a las 9:31, Julian Field escribió:

> The Filename Rules option concatenates all the matching rule results
> together, then uses that as the set of allow/deny rules for the attachment
> filenames.
> 
> It only uses the "default" setting if none of the other rules match.
> 
> 
> At 00:04 04/07/2003, you wrote:
> >I thought rulesets were supposed to use the first entry that matches, but
> >I'm doing some testing now and that doesn't seem to be the case.  If I use
> >this ruleset:
> >
> >    # filename.rules
> >    # This file lists which e-mails are scanned for nasty filenames
> >    From:        jeremye at bsa.ca.gov
> >/opt/MailScanner/etc/filename.rules.conf
> >    From:        *@bsa.ca.gov
> >/opt/MailScanner/etc/filename.allowall.conf
> >    FromTo:      default
> >/opt/MailScanner/etc/filename.rules.conf
> >
> >and send an e-mail from jeremye at bsa.ca.gov with an attached file blocked in
> >filename.rules.conf, it comes through without any problems.  If I use this
> >ruleset:
> >
> >    # filename.rules
> >    # This file lists which e-mails are scanned for nasty filenames
> >    From:        *@bsa.ca.gov
> >/opt/MailScanner/etc/filename.allowall.conf
> >    From:        jeremye at bsa.ca.gov
> >/opt/MailScanner/etc/filename.rules.conf
> >    FromTo:      default
> >/opt/MailScanner/etc/filename.rules.conf
> >
> >the attachment is stripped from the file.  Are the rulesets supposed to use
> >the first entry that matches, or the last one?
> >
> >Jeremy Evans
> >Information Systems Analyst
> >California State Auditor
> >916-445-0255 phone
> >916-322-7801 fax
> 
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support


--
Mariano Absatz
El Baby
----------------------------------------------------------
I started out with nothing & still have most of it left.

More information about the MailScanner mailing list