Whitelist
Randal, Phil
prandal at HEREFORDSHIRE.GOV.UK
Wed Apr 14 17:38:21 IST 2004
Which is precisely the sort of thing the current round of worms does.
Dangerous tags are dangerous, whoever they appear to come from.
Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Alex Neuman
> Sent: 14 April 2004 17:33
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: RE : Whitelist
>
> You could set up:
>
> Allow IFrame Tags = %rules-dir%/allowiframes.rules Allow Form
> Tags = %rules-dir%/allowforms.rules Allow Object Codebase
> Tags = %rules-dir%/allowobjectcodebase.rules
> Allow External Message Bodies = %rules-dir%/allowexternal.rules
>
> And in the files mentioned above ending in rules, add a
> ruleset like this:
>
> FromOrTo: default no
> From: mycomicaddress at mycomicdomain.com yes
>
>
> That way, the default is no (because HTML mail can be
> dangerous), but mail from that address will not be tagged as
> dangerous. Note: This wouldn't stop someone malicious
> enough... Someone could (at least in theory) forge the
> From: address and send you an e-mail message with an HTML exploit.
>
> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Howard Yuan
> Sent: Wednesday, April 14, 2004 11:18 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: RE : Whitelist
>
>
> >>> ugob at CAMO-ROUTE.COM 4/14/2004 09:04:21 >>>
> The whitelist (/etc/MailScanner/rules/spam.whitelist.rules)
> is only for spam.
>
> What you need is rulesets for the settings that strips html
> and detects html exploits.
>
> A ruleset, huh? Hum...okie, I'll do some research on that and
> see what I can come up with. Thanx.
>
> Howard
>
More information about the MailScanner
mailing list