Whitelisted

Stephen Swaney Steve at swaney.com
Thu Jul 24 17:31:23 IST 2003


Sorry for the bad formatting in the FAQ. Here is a repeat with hopefully
better, more understandable formatting


----------------------------------

I have incoming sendmail splitting multiple recipient messages into
multiple messages, so MailScanner and SA only see 1 recip per message.

Here's what I did. If any sendmail gurus out there thing this is a bad
idea, please let me know what a mess I've made of things :-)

1) Start the incoming sendmail with a different config file.
Changes to /etc/rc.d/init.d/MailScanner (from rpm install on redhat)
make this change to the incoming sendmail command line:
------ snip -------

  $SENDMAIL -bd -OPrivacyOptions=noetrn \
                       -ODeliveryMode=queueonly \
                       -OQueueDirectory=$INQDIR \
                       -OPidFile=$INPID \
                       -C/etc/mail/sendmail_in.cf

-------- snip --------

2) Make changes to the new sendmail config:
cp /etc/mail/sendmail /etc/mail/sendmail_in.cf

In sendmail_in.cf, add the following:
The comment header "QUEUE GROUP DEFINITIONS" should be there already.
Just add the single line under it.

------- snip --------
############################
# QUEUE GROUP DEFINITIONS  #
############################

Qmqueue, P=/var/spool/mqueue.in, F=f, r=1, R=8, I=2m

------- snip --------


AND, just above the "Ruleset 3" comment header, add the following:
(not sure if both lines are required or not...)

--------- snip --------

# LOCAL_RULESETS
Squeuegroup
R$* @ $*                $# mqueue
R$*                     $# mqueue

############################################
###  Ruleset 3 -- Name Canonicalization  ###
############################################


--------- snip ----------


Restart sendmail, and things like this start showing up in the log when
messages with multiple recipients come in:

Jul 17 08:14:31 host sendmail[7183]: h6HFDop8007183: split: maxrcpts=1,
rcpts=3, count=2, ids=h6HFDop9007183; h6HFDopA007183

So now MailScanner only sees 1 recipipient per message and rulesets only apply
to the user they are supposed to apply to. Cool, huh?
Thanks for all the suggestions!

Ken A
Pacific.Net
-----------------------------------------------

Steve
Steve at Swaney.com







On Thu, 2003-07-24 at 10:52, Steve Douglas wrote:

> I am even more confused.  As my eyes glaze over.
>
>
>
>
> -----Original Message-----
> From: Stephen Swaney [mailto:Steve at swaney.com]
> Sent: Tuesday, July 22, 2003 3:38 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Whitelisted
>
>
>
> Actually I placed Ken A, Pacific.Net's excellent solution for this in
> the MailScanner FAQ.
>
>
> http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/169.html
>
> How easy can it get.
>
> Steve
> Steve Swaney
> steve at swaney.com
>
> On Tue, 2003-07-22 at 16:19, Derek Winkler wrote:
>
> See earlier thread on splitting messages with multiple recipients into
> messages with one recipient each as a workaround.
>
> -----Original Message-----
> From: Matt Kettler [mailto:mkettler at EVI-INC.COM]
> Sent: Tuesday, July 22, 2003 4:16 PM
> To: MAILSCANNER at jiscmail.ac.uk
> Subject: Re: Whitelisted
>
>
> At 12:00 PM 7/22/2003 -0600, Dustin Baer wrote:
> > > Dustin,
> > > Maybe that is where my misunderstanding is.  I thought, that would
> turn off
> > > spam filtering for that user only.  Does that say anything
> addressed to
> > that
> > > user and anyone else, will go through?
> >
> >Hi Kris,
> >
> >As far as I understand MailScanner's whitelisting, if one recipient
> is
> >in the whitelist, all recipients receive the message.  I have run
> into
> >your situation also, and refuse to whitelist recipient names here, if
> I
> >see that they receive a high volume of spam.  I don't want other
> people
> >getting spam, just because they want their name whitelisted.
> >
> >I am sure someone will correct me, if I have mis-stated how
> MailScanner
> >operates its whitelist.
>
> That is correct. And this "problem" is a fundamental limit of running
> at
> the MTA layer. It's not a bug, or a mistake, it's a design tradeoff
> between
> flexibility and efficiency.
>
> Mailscanner runs at the MTA layer, not the MDA layer, so there is not
> one
> copy of the message per user when MS sees it.. there's just one
> message
> with many recipients. Thus MailScanner can only whitelist that one
> message,
> or not whitelist it. There is no such thing as "well, later when you
> go to
> deliver this, give these guys this copy, and that guy this other
> version".
> It's one message, and they'll all get the same message, all
> MailScanner can
> do is edit it.
>
> Running at the MTA layer is much more efficient, because you only scan
> the
> message once, but it inherently has limits on "per user"
> customization. The
> MTA layer is the ideal spot to do virus scanning, because you rarely
> want
> user-specific behaviors for virus scanning. However doing spam
> scanning at
> the MTA layer is somewhat limiting if you've got users that need
> "exceptions".
>
> Personally I deal with it by creating custom SpamAssassin rules
> instead of
> whitelists. This gives me the ability to target specific kinds of
> messages,
> rather than specific sources or destinations. If I have to do a
> whitelist,
> I try to make it a "fromto" type whitelist where it winds up narrowly
> defined. I  never use To: type whitelists, and I avoid simple From:
> whitelists as well.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030724/db718a11/attachment.html


More information about the MailScanner mailing list