Building an MS-SA box

Julian Field mailscanner at ecs.soton.ac.uk
Sun Feb 22 15:09:58 GMT 2004 

It does top down matching just like a firewall does. The only exception is
the default rule. If I made it all top-to-bottom, and someone accidentally
put the default first, none of their rules would be used at all.

In cases where every matching rule is used, rather that the first match,
then the default is only used when none of the other rules match. In that
case, there is no "right" place for the default. I wanted to make both the
all-matches and first-match rulesets have the same semantics for the
placing of the default rule.

At 14:31 22/02/2004, you wrote:
>Well the more I looked at it, the more I would agree, cause if MS is working
>with the rule sets like a firewall does, meaning TOP DOWN matching, then you
>would want your default, most often used rule at the bottom of the list thus
>being the "catch all" rule that everything not matching the rules above
>would be treated.
>
>Julian, any thoughts?
>-----Original Message-----
>From: Peter Bonivart [mailto:peter at UCGBOOK.COM]
>Sent: Sunday, February 22, 2004 9:03 AM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: Building an MS-SA box
>
>MW Mike Weiner (5028) wrote:
> > FromOrTo:       default                 delete
> > FromOrTo:       mweiner at bmarts.com      store deliver
> >
> > The thought here was to temporarily store the email so I can use later
> > for Bayesian training. However, it has come up in the list a few times
> > that some people think when the options are set as above "store
> > deliver" then that piece of email is not getting processed at all.
> > Meaning when mweiner at bmarts.com gets an email, it gets stored and not
> > processd via sa or even clamav. Is this the case? I could sift through
> > code, but that's not really very valuable to me at this point. What I
> > need is to figure out what is causing clamav not to run or at least
> > tag or log anything to indicate that its running properly through ms
> > and it was indicated that the delivery options may be the problem.
>
>The stored copy is in its original form for many reasons such as legal ones.
>The delivered one on the other hand is of course processed. I agree, there
>seems to be some confusion about that on the list.
>
>By the way, I think the default rule should be last, might not matter here
>but for good form if nothing else. :-)
>
>--
>/Peter Bonivart
>
>--Unix lovers do it in the Sun
>
>Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
>SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

More information about the MailScanner mailing list