{Spam?} [MAILSCANNER] New spam faking whitelisting
Casanova, Chase
Chase.Casanova at RDU.COM
Thu Jun 3 21:37:57 IST 2004
Chris,
The Spam Action and High Scoring Spam Action will do just what you want, but only if your Required SpamAssassin Score = 10
Then you just do:
Spam Actions = forward postmaster at yourdomain.com
High SpamAssassin Score = 100
High Scoring Spam Actions = delete
If your Required SpamAssassin Score is not 10 and you want to store the Spam that scored below 10. Then with the standard MailScanner.conf settings you won't be able to drop the Spam with a score over 100.
i.e. make you High SpamAssassin Score = 10
Spam Actions = store forward postmaster at yourdomain.com
High SpamAssassin Score = 10
High Scoring Spam Actions = forward postmaster at yourdomain.com
-Chase
-----Original Message-----
From: Chris Conn [mailto:cconn at ABACOM.COM]
Sent: Thursday, June 03, 2004 10:59 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: [MAILSCANNER] {Spam?} [MAILSCANNER] New spam faking
whitelisting
Casanova, Chase wrote:
> Chris,
>
> Can you not do what you want with the Spam Actions setting in MailScanner.conf
>
> Spam Actions = store forward postmaster at yourdomain.com
>
Hello,
Yes, but this is not what I want to do. When using sendmail (I don't
know about other MTAs), if you whitelist an email address, all other Cc:
or Bcc: addresses will receive the SPAM. What I want to establish is
the possibility of not using the whitelist function but rather create a
ruleset under the spam actions for high scoring spam, and deliver spam
to the postmaster account at scores less than 100 while deleting spam
with score of 10 or more for other users, even if they are Cc: or Bcc:
on the spam sent to the postmaster.
Chris
> -Chase
>
> -----Original Message-----
> From: Chris Conn [mailto:cconn at ABACOM.COM]
> Sent: Thursday, June 03, 2004 10:26 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] {Spam?} [MAILSCANNER] New spam faking
> whitelisting
>
>
> List Account wrote:
>
>>I think I found the problem. The problem is one of the addresses,
>>jobs at ourdomain.com, is on the whitelist. Is there any to not allow the
>>message for everyone just because that one address is whitelisted?
>>
>
> Hello,
>
> I am also trying to tackle this problem as my whitelist to a postmaster
> account is causing Cc: and Bcc: recipients to receive the spam.
>
> If it cannot be done with the whitelist feature, could it be instead
> done by creating a ruleset for the high-score spam action? For
> instance, have a high scoring spam of 10 for all but the postmaster
> address, set to 100?
>
> Chris
>
>
>>Thanks,
>>
>>Howard
>>
>>
>>
>>>From: Martin Hepworth <martinh at SOLID-STATE-LOGIC.COM>
>>>Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
>>>To: MAILSCANNER at JISCMAIL.AC.UK
>>>Subject: Re: {Spam?} [MAILSCANNER] New spam faking whitelisting
>>>Date: Thu, 3 Jun 2004 15:04:57 +0100
>>>
>>>Hi
>>>
>>>what does /etc/MailScanner/rules/spam.whitelist.rules look like
>>>
>>>
>>>--
>>>Martin Hepworth
>>>Snr Systems Administrator
>>>Solid State Logic
>>>Tel: +44 (0)1865 842300
>>>
>>>
>>>List Account wrote:
>>>
>>>
>>>>Hello all,
>>>>
>>>>I am running MailScanner 4.26.8-1 with postfix 2.0.18, SpamAssassin 2.63
>>>>and
>>>>ClamAV 0.70. Starting today, I'm seeing spam messages comming in saying
>>>>that they are white listed, but they aren't on my whitelist in
>>>>/etc/MailScanner/rules/spam.whitelist.rules. Here are the message
>>>>details
>>>>from MailWatch:
>>>>
>>>>Received on: 03/06/04 08:40:20
>>>>Received by: mailscanner
>>>>Received from: 61.202.42.238 (n042238.ppp.dion.ne.jp)
>>>>124.8.92.244
>>>>ID: D0AEE900
>>>>Message Headers: Received: from n042238.ppp.dion.ne.jp
>>>>(N042238.ppp.dion.ne.jp [61.202.42.238])
>>>>by mailscanner.ourdomain.com (Postfix) with SMTP
>>>>id D0AEE900; Thu, 3 Jun 2004 08:40:04 -0500 (CDT)
>>>>Received: from bfzoqwcn-rtfu363.de.twirl.English at canada.com
>>>>([124.8.92.244])
>>>>by umxo4989-eku33.61.202.42.238 with Microsoft SMTPSVC(0.0.8246.1834);
>>>>Thu, 03 Jun 2004 07:29:06 -0600
>>>>From: "Efren Hyde" <twirl.English at canada.com>
>>>>To: user at ourdomain.com
>>>>Cc: info at ourdomain.com, user2 at ourdomain.com,
>>>>user3 at ourdomain.com, user4 at ourdomain.com,
>>>>jobs at ourdomain.com, user5 at ourdomain.com,
>>>>user6 at ourdomain.com
>>>>Subject: invest in yourself, get a new job
>>>>Date: Thu, 03 Jun 2004 15:26:06 +0200
>>>>Message-ID: <18484457687322.64.53502 at eunkzq-db12511.localhost>
>>>>MIME-Version: 1.0
>>>>Content-Type: multipart/alternative;
>>>>boundary="--13344725039681107"
>>>>From: twirl.english at canada.com
>>>>To: user at ourdomain.com
>>>>user at ourdomain.com
>>>>user2 at ourdomain.com
>>>>user2 at ourdomain.com
>>>>user3 at ourdomain.com
>>>>user3 at ourdomain.com
>>>>jobs at ourdomain.com
>>>>jobs at ourdomain.com
>>>>user4 at ourdomain.com
>>>>user4 at ourdomain.com
>>>>user5 at ourdomain.com
>>>>user5 at ourdomain.com
>>>>Subject: invest in yourself, get a new job
>>>>Size: 2.5Kb
>>>>Virus: N
>>>>Blocked File: N
>>>>Other Infection: N
>>>>Report:
>>>>Spam: N Action(s): deliver
>>>>High Scoring Spam: N
>>>>Listed in RBL: N
>>>>Whitelisted: Y
>>>>Blacklisted: N
>>>>SpamAssassin Spam: N
>>>>SpamAssassin Score: 0.00\
>>>>
>>>>Is anyone else seeing this, and what can I do to stop it?
>>>>
>>>>Thanks,
>>>>
>>>>Howard
>>>>
>>>>_________________________________________________________________
>>>>Getting married? Find great tips, tools and the latest trends at MSN
>>>>Life
>>>>Events. http://lifeevents.msn.com/category.aspx?cid=married
>>>>
>>>>-------------------------- MailScanner list ----------------------
>>>>To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
>>>>Before posting, please see the Most Asked Questions at
>>>>http://www.mailscanner.biz/maq/ and the archives at
>>>>http://www.jiscmail.ac.uk/lists/mailscanner.html
>>>>
>>>
>>>**********************************************************************
>>>
>>>This email and any files transmitted with it are confidential and
>>>intended solely for the use of the individual or entity to whom they
>>>are addressed. If you have received this email in error please notify
>>>the system manager.
>>>
>>>This footnote confirms that this email message has been swept
>>>for the presence of computer viruses and is believed to be clean.
>>>
>>>**********************************************************************
>>>
>>>-------------------------- MailScanner list ----------------------
>>>To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
>>>Before posting, please see the Most Asked Questions at
>>>http://www.mailscanner.biz/maq/ and the archives at
>>>http://www.jiscmail.ac.uk/lists/mailscanner.html
>>
>>
>>_________________________________________________________________
>>Stop worrying about overloading your inbox - get MSN Hotmail Extra Storage!
>>http://join.msn.click-url.com/go/onm00200362ave/direct/01/
>>
>>-------------------------- MailScanner list ----------------------
>>To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
>>Before posting, please see the Most Asked Questions at
>>http://www.mailscanner.biz/maq/ and the archives at
>>http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>
> -------------------------- MailScanner list ----------------------
> To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/ and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
> -------------------------- MailScanner list ----------------------
> To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/ and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list