Whitelist / blacklist interactions question

Quentin Campbell Q.G.Campbell at NEWCASTLE.AC.UK
Wed Dec 8 10:41:59 GMT 2004 

I have 

  From:  *@oxfam.org.uk   yes

in my spam.whitelist.rules file. I have

  From: fred at oxfam.org.uk  yes

in my spam.blacklist.rules file. 

I expect the latter entry to overrule the former in the case of mail
from "fred". What I am getting is inconsistent behaviour. 

Log entries are shown below. Real message from fred are _not_ being
blacklisted. The real message has many message-To recipients. My test
messages via hand geneated SMTP exchanges from fred _are_ blacklisted.
My test message has just a single message-To recipient.

What happens with real messages from fred:

Dec  8 09:13:24 cheviot5 sendmail[7210]: iB89DNdK007210:
from=<fred at oxfam.org.uk>, size=17925, class=0, nrcpts=1,
msgid=<000101c4dd06$7af008b0$0310a8c0 at sddirect.local>, proto=ESMTP,
daemon=MTA, relay=[217.206.212.40]
Dec  8 09:13:25 cheviot5 MailScanner[26934]: Message iB89DNdK007210 from
217.206.212.40 (fred at oxfam.org.uk) is whitelisted 

What happens with me simulating a message from fred with a hand crafted
SMTP exchange:

Dec  8 09:39:27 cheviot5 sendmail[15243]: iB89cF1F015243:
from=fred at oxfam.org.uk, size=84, class=0, nrcpts=1,
msgid=<200412080938.iB89cF1F015243 at cheviot5.ncl.ac.uk>, proto=ESMTP,
daemon=MTA, relay=ucsnew2.ncl.ac.uk [128.240.233.6]
Dec  8 09:39:27 cheviot5 MailScanner[26934]: Message iB89cF1F015243 from
128.240.233.6 (fred at oxfam.org.uk) to ncl.ac.uk is spam (blacklisted)

I have clearly missed something but what? Note that I have 

  Ignore Spam Whitelist If Recipients Exceed = 1000 

Should this be reduced to 5 (say)? However that does not explain the
difference in behaviour between real messages and test messages via
manual SMTP.

Quentin
---
PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own." 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list