confusing spam rules
Julian Field
mailscanner at ecs.soton.ac.uk
Mon Mar 3 19:10:19 GMT 2003
At 17:35 03/03/2003, you wrote:
>We plan to use MailScanner to tag the spam messages. After
>a few tests, I found the spam rules in MailScanner are very
>confusing.
>
> In /etc/MailScanner/MailScanner.conf:
>
>----------------------------------------------------------------------------
>
> Is Definitely Not Spam = /etc/MailScanner/rules/spam.whitelist.rules
>
> Is Definitely Spam = /etc/MailScanner/rules/spam.blacklist.rules
>
>1) Domain name does not match but ip address matches
>
> I configured a host name in
>/etc/MailScanner/rules/spam.blacklist.rules
> and sent a message from the machine, the message did not match the
>rule.
> Then I replaced the hostname with its IP address and sent the same
> message again from the same machine, it matched the spam rule.
>
> cat /etc/MailScanner/rules/spam.whitelist.rules
> FromTo: default no
>
> cat /etc/MailScanner/rules/spam.blacklist.rules
> From: /lms5.acs.ucalgary.ca/ yes
> FromTo: default no
If it is a name in the pattern, then it is checking the envelope sender of
the message, whereas a numerical test will check the other end of the SMTP
connection.
>2) wildcard(*) sometimes works, sometimes not
>
> The black list rule "To: fs50*@ucalgary.ca yes" does not match
> a message to fs501 at ucalgary.ca. But the black list rule "From:
> fs50*@ucalgary.ca yes" matches a message from fs501 at ucalgary.ca.
Don't understand that at all. Suggest you re-check your tests. All the
rulesets are built from exactly the same code, so they must behave the same.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
More information about the MailScanner
mailing list