Ken Anderson ka at PACIFIC.NET
Thu Jul 24 16:25:25 IST 2003

Okay, mail travels in envelopes with a TO and a FROM, just like postal
mail, right?

Mail is opened by the mailserver and delivered to the TO on the envelope
and to the other TO,CC,BCC recipients. The problem is that this delivery
process doesn't happen until the server writes it to the users mail
spool. This doesn't happen until _after_ MailScanner/SA have looked at
the message.

The result is that a whitelist will affect ALL recipients of a message
that has multiple recipients if the first envelope TO address matches
the whitelist. 95% of the mail we see to multiple recipients is spam. :-(

The only way around this using MailScanner is to use sendmail to split
the message when it first arrives into multiple messages with only 1
recipient each.

MailScanner/SA will then see each recipient's copy of the message
separately, so whitelists will be applied as they were intended. The FAQ
entry explains how to do this (though the linebreaks were lost in the
html faq, so it's a bit hard to read). Basically, you just run the
incoming sendmail process with a very slightly modified config file, and
sendmail takes care of splitting the incoming mail into single recipient
messages. Note that this increases the load on your system too, since
each message with x recipients will be split into x messages that
MailScanner processes separately.

FAQ entry:

Ken A.

Steve Douglas wrote:

> I am even more confused.  As my eyes glaze over.
> -----Original Message-----
> From: Stephen Swaney [mailto:Steve at swaney.com]
> Sent: Tuesday, July 22, 2003 3:38 PM
> Subject: Re: Whitelisted
> Actually I placed Ken A, Pacific.Net's excellent solution for this in the
> MailScanner FAQ.
> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/169.html
> <http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/169.html>
> How easy can it get.
> Steve
> Steve Swaney
> steve at swaney.com
>  <http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/169.html>
> On Tue, 2003-07-22 at 16:19, Derek Winkler wrote:
> See earlier thread on splitting messages with multiple recipients into
> messages with one recipient each as a workaround.
> -----Original Message-----
> From: Matt Kettler [ <mailto:mkettler at EVI-INC.COM>
> mailto:mkettler at EVI-INC.COM]
> Sent: Tuesday, July 22, 2003 4:16 PM
> To: MAILSCANNER at jiscmail.ac.uk
> Subject: Re: Whitelisted
> At 12:00 PM 7/22/2003 -0600, Dustin Baer wrote:
>>>Maybe that is where my misunderstanding is.  I thought, that would turn
> off
>>>spam filtering for that user only.  Does that say anything addressed to
>>>user and anyone else, will go through?
>>Hi Kris,
>>As far as I understand MailScanner's whitelisting, if one recipient is
>>in the whitelist, all recipients receive the message.  I have run into
>>your situation also, and refuse to whitelist recipient names here, if I
>>see that they receive a high volume of spam.  I don't want other people
>>getting spam, just because they want their name whitelisted.
>>I am sure someone will correct me, if I have mis-stated how MailScanner
>>operates its whitelist.
> That is correct. And this "problem" is a fundamental limit of running at
> the MTA layer. It's not a bug, or a mistake, it's a design tradeoff between
> flexibility and efficiency.
> Mailscanner runs at the MTA layer, not the MDA layer, so there is not one
> copy of the message per user when MS sees it.. there's just one message
> with many recipients. Thus MailScanner can only whitelist that one message,
> or not whitelist it. There is no such thing as "well, later when you go to
> deliver this, give these guys this copy, and that guy this other version".
> It's one message, and they'll all get the same message, all MailScanner can
> do is edit it.
> Running at the MTA layer is much more efficient, because you only scan the
> message once, but it inherently has limits on "per user" customization. The
> MTA layer is the ideal spot to do virus scanning, because you rarely want
> user-specific behaviors for virus scanning. However doing spam scanning at
> the MTA layer is somewhat limiting if you've got users that need
> "exceptions".
> Personally I deal with it by creating custom SpamAssassin rules instead of
> whitelists. This gives me the ability to target specific kinds of messages,
> rather than specific sources or destinations. If I have to do a whitelist,
> I try to make it a "fromto" type whitelist where it winds up narrowly
> defined. I  never use To: type whitelists, and I avoid simple From:
> whitelists as well.

More information about the MailScanner mailing list