Spam whitelist rules

Dustin Baer dustin.baer at IHS.COM
Fri Feb 20 20:11:31 GMT 2004


Kai Schaetzl wrote:
>
> Dustin Baer wrote on         Fri, 20 Feb 2004 10:05:56 -0700:
>
> > Do you still have "Spam Checks = no" (or a ruleset for the particular
> > address you are testing)?
>
> No, currently set:
> Spam Checks = yes
> Spam Actions = store notify
> High Scoring Spam Actions = store

If you store the spam, then you won't see any MailScanner headers.  The
stored version is untouched by MailScanner.

> > > > On our server when people request quarantined spam, I change the $_
> > > > header to a "Is Definitely Not Spam" IP, but I allow Spam Checks.
> > >
> > > I don't understand, sorry. $_ is the "validated sender address" in
> > > sendmail, how, where do you change what?
> >
> > I have a script that does it.  When people request email, the script
> > changes $_ to an IP that is whitelisted, therefore goes through, no
> > matter what SpamAssassin says.  The reason I want it this way, is that
> > it will go back through MailScanner (mqueue.in), pass through spam
> > checking, but get tested for viruses.
>
> Do you mean "connect for relaying" with "request email"? Do you tail the
> sendmail log or how do you do this? That is fast enough for adding the IP
> before MailScanner hits the file?

I quarantine spam as queue files (qf/df), so when someone requests the
quarantined email, my script changes whatever the value for $_ in the qf
file is to $_[a.b.c.d].  a.b is already in whitelisted by
spam.whitelist.rules, and a.b.c.d is set to "yes" in SpamChecks.rules (I
didn't make that completely clear).

Example:

a.b is our Class B address

spam.whitelist.rules - From: a.b yes
SpamChecks.rules - From: a.b.c.d yes

quarantined qfi1K9887j016523 -
$_APoitiers-104-1-2-182.w81-48.abo.wanadoo.fr [81.48.41.182]

When somone requests the i1K9887j016523 email, $_ is changed to
$_[a.b.c.d]

Therefore, it is whitelisted (From: a.b yes) and also checked by
SpamAssassin (From: a.b.c.d yes).  So, no matter what score SpamAssassin
gives the email, it is delivered because it is whitelisted.

> > 1.
> > Spam Checks = yes
> > spam.whitelist.rules - From: spammer at spam.com yes
> >
> > Result - email will include SpamAssassin score, no matter what score
> > SpamAssassin gave it.
>
> Yes, this is "classic" whitelisting. I have no scores on these. They are
> scanned and Mailwatch shows them as whitelisted (W/L) with a spam score of
> 0.0.

Does any of your delivered email have a score other than 0.0?  Do you
have "Use SpamAssassin = yes" in MailScanner.conf?

> Ok, I think I have found the problem. Looking in the quarantine I see that I
> don't get any scores or spam headers in the messages, not even {Spam} in the
> Subject. Is this a side effect of storing?

Yes.  They are untouched.

> I know I used to get the Subject
> changed last week or so, but I don't remember if that was before changing from
> deliver to store.

Most likely when you were delivering them.

> I do get all the spam scores and rule hits in Mailwatch, so
> I didn't realize that there isn't anything about spam in the headers.

I haven't used Mailwatch, so can't comment.

> I didn't knowingly change anything in MailScanner.conf or SA which could have
> stopped the spam reports. F.i Detailed Spam Report = yes and Include Scores In
> SpamAssassin Report = yes.

Are there any X-MailScanner headers in your delivered email?

Dustin
--
Dustin Baer
Unix Administrator/Postmaster
Information Handling Services
15 Inverness Way East
Englewood, CO 80112
303-397-2836



More information about the MailScanner mailing list