Whitelisted
Matt Kettler
mkettler at EVI-INC.COM
Tue Jul 22 21:16:21 IST 2003
At 12:00 PM 7/22/2003 -0600, Dustin Baer wrote:
> > Dustin,
> > Maybe that is where my misunderstanding is. I thought, that would turn off
> > spam filtering for that user only. Does that say anything addressed to
> that
> > user and anyone else, will go through?
>
>Hi Kris,
>
>As far as I understand MailScanner's whitelisting, if one recipient is
>in the whitelist, all recipients receive the message. I have run into
>your situation also, and refuse to whitelist recipient names here, if I
>see that they receive a high volume of spam. I don't want other people
>getting spam, just because they want their name whitelisted.
>
>I am sure someone will correct me, if I have mis-stated how MailScanner
>operates its whitelist.
That is correct. And this "problem" is a fundamental limit of running at
the MTA layer. It's not a bug, or a mistake, it's a design tradeoff between
flexibility and efficiency.
Mailscanner runs at the MTA layer, not the MDA layer, so there is not one
copy of the message per user when MS sees it.. there's just one message
with many recipients. Thus MailScanner can only whitelist that one message,
or not whitelist it. There is no such thing as "well, later when you go to
deliver this, give these guys this copy, and that guy this other version".
It's one message, and they'll all get the same message, all MailScanner can
do is edit it.
Running at the MTA layer is much more efficient, because you only scan the
message once, but it inherently has limits on "per user" customization. The
MTA layer is the ideal spot to do virus scanning, because you rarely want
user-specific behaviors for virus scanning. However doing spam scanning at
the MTA layer is somewhat limiting if you've got users that need "exceptions".
Personally I deal with it by creating custom SpamAssassin rules instead of
whitelists. This gives me the ability to target specific kinds of messages,
rather than specific sources or destinations. If I have to do a whitelist,
I try to make it a "fromto" type whitelist where it winds up narrowly
defined. I never use To: type whitelists, and I avoid simple From:
whitelists as well.
More information about the MailScanner
mailing list