Whitelisted

[Steve Douglas]

Thank you for the clarification.  That is pretty slick.  I have had a couple
of "higher-ups" in my company express concern over how I can be absolutely
certain that legitimate email from legitimate senders is not overlooked.  At
this point, I think they are to go into the spam.checks.rules file.

Otherwise, I will have some explaining to do down the road.  I am going to
review your suggestion in the FAQ.  That is pretty slick.

SD
:-)


> -----Original Message-----
> From: Ken Anderson [mailto:ka at PACIFIC.NET]
> Sent: Thursday, July 24, 2003 10:25 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Whitelisted
>
> Okay, mail travels in envelopes with a TO and a FROM, just like postal
> mail, right?
>
> Mail is opened by the mailserver and delivered to the TO on the envelope
> and to the other TO,CC,BCC recipients. The problem is that this delivery
> process doesn't happen until the server writes it to the users mail
> spool. This doesn't happen until _after_ MailScanner/SA have looked at
> the message.
>
> The result is that a whitelist will affect ALL recipients of a message
> that has multiple recipients if the first envelope TO address matches
> the whitelist. 95% of the mail we see to multiple recipients is spam. :-(
>
> The only way around this using MailScanner is to use sendmail to split
> the message when it first arrives into multiple messages with only 1
> recipient each.
>
> MailScanner/SA will then see each recipient's copy of the message
> separately, so whitelists will be applied as they were intended. The FAQ
> entry explains how to do this (though the linebreaks were lost in the
> html faq, so it's a bit hard to read). Basically, you just run the
> incoming sendmail process with a very slightly modified config file, and
> sendmail takes care of splitting the incoming mail into single recipient
> messages. Note that this increases the load on your system too, since
> each message with x recipients will be split into x messages that
> MailScanner processes separately.
>
> FAQ entry:
> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/169.html
>
> Ken A.
> Pacific.Net
>
>
>
>
> Steve Douglas wrote:
>
> > I am even more confused.  As my eyes glaze over.
> >
> >
> >
> > -----Original Message-----
> > From: Stephen Swaney [mailto:Steve at swaney.com]
> > Sent: Tuesday, July 22, 2003 3:38 PM
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: Whitelisted
> >
> >
> >
> > Actually I placed Ken A, Pacific.Net's excellent solution for this in
> the
> > MailScanner FAQ.
> >
> >
> > http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/169.html
> > <http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/169.html>
> >
> > How easy can it get.
> >
> > Steve
> > Steve Swaney
> > steve at swaney.com
> >  <http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/169.html>
> > On Tue, 2003-07-22 at 16:19, Derek Winkler wrote:
> >
> > See earlier thread on splitting messages with multiple recipients into
> > messages with one recipient each as a workaround.
> >
> > -----Original Message-----
> > From: Matt Kettler [ <mailto:mkettler at EVI-INC.COM>
> > mailto:mkettler at EVI-INC.COM]
> > Sent: Tuesday, July 22, 2003 4:16 PM
> > To: MAILSCANNER at jiscmail.ac.uk
> > Subject: Re: Whitelisted
> >
> >
> > At 12:00 PM 7/22/2003 -0600, Dustin Baer wrote:
> >
> >>>Dustin,
> >>>Maybe that is where my misunderstanding is.  I thought, that would turn
> >
> > off
> >
> >>>spam filtering for that user only.  Does that say anything addressed to
> >>
> >>that
> >>
> >>>user and anyone else, will go through?
> >>
> >>Hi Kris,
> >>
> >>As far as I understand MailScanner's whitelisting, if one recipient is
> >>in the whitelist, all recipients receive the message.  I have run into
> >>your situation also, and refuse to whitelist recipient names here, if I
> >>see that they receive a high volume of spam.  I don't want other people
> >>getting spam, just because they want their name whitelisted.
> >>
> >>I am sure someone will correct me, if I have mis-stated how MailScanner
> >>operates its whitelist.
> >
> >
> > That is correct. And this "problem" is a fundamental limit of running at
> > the MTA layer. It's not a bug, or a mistake, it's a design tradeoff
> between
> > flexibility and efficiency.
> >
> > Mailscanner runs at the MTA layer, not the MDA layer, so there is not
> one
> > copy of the message per user when MS sees it.. there's just one message
> > with many recipients. Thus MailScanner can only whitelist that one
> message,
> > or not whitelist it. There is no such thing as "well, later when you go
> to
> > deliver this, give these guys this copy, and that guy this other
> version".
> > It's one message, and they'll all get the same message, all MailScanner
> can
> > do is edit it.
> >
> > Running at the MTA layer is much more efficient, because you only scan
> the
> > message once, but it inherently has limits on "per user" customization.
> The
> > MTA layer is the ideal spot to do virus scanning, because you rarely
> want
> > user-specific behaviors for virus scanning. However doing spam scanning
> at
> > the MTA layer is somewhat limiting if you've got users that need
> > "exceptions".
> >
> > Personally I deal with it by creating custom SpamAssassin rules instead
> of
> > whitelists. This gives me the ability to target specific kinds of
> messages,
> > rather than specific sources or destinations. If I have to do a
> whitelist,
> > I try to make it a "fromto" type whitelist where it winds up narrowly
> > defined. I  never use To: type whitelists, and I avoid simple From:
> > whitelists as well.
> >
> >