spam.actions.rules

Julian Field mailscanner at ecs.soton.ac.uk
Mon Feb 23 14:58:47 GMT 2004 

What you have just witnessed is a problem raised by having messages with
multiple recipients. MailScanner doesn't generate mail messages, so if you
have 5 recipients with different actions, it has to make some decision. In
this case, I believe it uses the result from the 1st recipient. Take a look
in the Advanced Settings section of MailScanner.conf where you will find this:

# When trying to work out the value of configuration parameters which are
# using a ruleset, this controls the behaviour when a rule is checking the
# "To:" addresses.
# If this option is set to "yes", then the following happens when checking
# the ruleset:
#   a) 1 recipient. Same behaviour as normal.
#   b) Several recipients, but all in the same domain (domain.com for example).
#      The rules are checked for one that matches the string "*@domain.com".
#   c) Several recipients, not all in the same domain.
#      The rules are checked for one that matches the string "*@*".
#
# If this option is set to "no", then some rules will use the result they
# get from the first matching rule for any of the recipients of a message,
# so the exact value cannot be predicted for messages with more than 1
# recipient.
#
# This value *cannot* be the filename of a ruleset.
Use Default Rules With Multiple Recipients = no

Use of this option makes the behaviour predictable, as the order of the
recipients doesn't matter.

The other way of solving it is to use sendmail "Queue Groups" to limit the
number of recipients per message to a maximum of 1. How to do this has been
discussed here in the past, should be in the list archive.

At 14:50 23/02/2004, you wrote:
>All,
>
>Just doing some testing with a few friendly guinea pig users and noticed
>something not quite as I would expect.
>
>In Mailscanner.conf
>
>Spam Actions = /opt/local/mailscanner/etc/rules/spam.actions.rules
>
>In spam.actions.rules
>
>To:     gp397 at soton.ac.uk       delete
>To:     g.pentland at soton.ac.uk  delete
>To:     jw at soton.ac.uk          delete
>To:     J.Watts at soton.ac.uk     delete
>To:     eks at soton.ac.uk         delete
>To:     E.K.Struzyna at soton.ac.uk        delete
>To:     lb3 at soton.ac.uk         delete
>To:     L.Williams at soton.ac.uk  delete
>FromorTo:       default deliver
>
>BUT...
>
>Feb 23 14:00:57 mta2.sucs.soton.ac.uk sendmail[10428]: i1NE0s7s010428:
>from=<acutebabe192kkoy at aol.com>, size=3898, class=0, nrcpts=5,
>msgid=<000611d7be47$dab24652$21337435 at efvfxrq.qdi>, proto=SMTP,
>daemon=MTA, relay=adsl-065-082-235-059.sip.btr.bellsouth.net
>[65.82.235.59]
>Feb 23 14:00:57 mta2.sucs.soton.ac.uk sendmail[10428]: i1NE0s7s010428:
>to=<j.w.wan at soton.ac.uk>, delay=00:00:02, mailer=esmtp, pri=153898,
>stat=queued
>Feb 23 14:00:57 mta2.sucs.soton.ac.uk sendmail[10428]: i1NE0s7s010428:
>to=<j.watts at soton.ac.uk>, delay=00:00:02, mailer=esmtp, pri=153898,
>stat=queued
>Feb 23 14:00:57 mta2.sucs.soton.ac.uk sendmail[10428]: i1NE0s7s010428:
>to=<j.rafferty at soton.ac.uk>, delay=00:00:02, mailer=esmtp, pri=153898,
>stat=queued
>Feb 23 14:00:57 mta2.sucs.soton.ac.uk sendmail[10428]: i1NE0s7s010428:
>to=<j.s.thomas at soton.ac.uk>, delay=00:00:02, mailer=esmtp, pri=153898,
>stat=queued
>Feb 23 14:00:57 mta2.sucs.soton.ac.uk sendmail[10428]: i1NE0s7s010428:
>to=<j.e.cochrane at soton.ac.uk>, delay=00:00:02, mailer=esmtp, pri=153898,
>stat=queued
>Feb 23 14:01:01 mta2.sucs.soton.ac.uk MailScanner[22254]: Message
>i1NE0s7s010428 from 65.82.235.59 (acutebabe192kkoy at aol.com) to
>soton.ac.uk is spam, SpamAssassin (score=46.611, required 5, BIZ_TLD
>0.78, CLICK_BELOW_CAPS 0.57, COMPLETELY_FREE 0.74, DATE_IN_FUTURE_03_06
>2.83, EXCUSE_14 0.15, EXCUSE_16 0.17, FAKE_HELO_AOL 1.88,
>FORGED_MUA_EUDORA 1.91, HTML_60_70 0.10, HTML_FONTCOLOR_RED 0.10,
>HTML_FONT_BIG 0.10, HTML_IMAGE_ONLY_08 0.84, HTML_IMAGE_RATIO_06 0.32,
>HTML_LINK_CLICK_CAPS 0.50, HTML_LINK_CLICK_HERE 0.10, HTML_MESSAGE 0.00,
>HTML_TAG_EXISTS_TBODY 0.10, MAILTO_TO_REMOVE 0.04, MAILTO_TO_SPAM_ADDR
>1.05, MIME_HTML_ONLY 0.10, MSGID_OUTLOOK_INVALID 4.30,
>MSGID_SPAM_99X9XX99 4.30, NO_REAL_NAME 0.28, RATWARE_HASH_DASH 4.30,
>RCVD_FAKE_HELO_DOTCOM 1.35, RCVD_IN_BL_SPAMCOP_NET 2.25, RCVD_IN_DSBL
>1.10, RCVD_IN_NJABL 0.10, RCVD_IN_NJABL_PROXY 1.10, RCVD_IN_OPM 4.30,
>RCVD_IN_OPM_SOCKS 4.30, RCVD_IN_SORBS 0.10, RCVD_IN_SORBS_HTTP 1.10,
>RCVD_IN_SORBS_SOCKS 1.10, REMOVE_SUBJ 0.05, SUBJ_HAS_SPACES 0.97,
>SUBJ_HAS_UNIQ_ID 0.21, SUSPICIOUS_RECIPS 3.00)
>Feb 23 14:01:01 mta2.sucs.soton.ac.uk MailScanner[22254]: Spam Actions:
>message i1NE0s7s010428 actions are deliver
>
>and j.watts at soton.ac.uk received this despite the rule set above, is it
>as simple as being case sensitive (I hope not).
>
>Any ideas/advice would be most useful.
>
>Gary

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

More information about the MailScanner mailing list