Per-user whitelisting

Don Newcomer newcomer at DICKINSON.EDU
Tue Jun 15 14:08:51 IST 2004 

I'm still having trouble with this.  I've had a number of messages get
flagged as spam when I have the appropriate entries in
/usr/local/MailScanner/spam.bydomain/whitelist/newcomer at dickison.edu.  Here
are the headers from one:

>From enewsletter at ruceci.com Tue Jun 15 09:02:41 2004
Return-Path: <enewsletter at ruceci.com>
Received: from alpha.dickinson.edu by falcon.dickinson.edu
    (8.8.8/1.1.22.3/25Feb99-0911AM)
        id IAA0000012337; Tue, 15 Jun 2004 08:59:49 -0400 (EDT)
Received: from ruceci.natsem.com by alpha.dickinson.edu
    (8.11.1/1.1.29.3/19Aug03-0302PM)
        id i5FCxUC0000390201; Tue, 15 Jun 2004 08:59:31 -0400 (EDT)
Message-Id: <200406151259.i5FCxUC0000390201 at alpha.dickinson.edu>
Received: from CAMPAIGN (10.1.1.101) by ruceci.natsem.com (LSMTP for
    Windows NT v1.1b) with SMTP id <0.001CB786 at ruceci.natsem.com>; Mon,
     14 Jun 2004 18:40:07 -0500
From: "National Seminars Group"<enewsletter at ruceci.com>
To: <newcomer at dickinson.edu>
Subject: Your New August Training Schedule
Date: MON, 14 JUN 2004 18:40:07 -0500
MIME-Version: 1.0
Reply-To: "National Seminars Group"<cstserv at natsem.com>
Errors-To: "National Seminars Group"<bounce at ruceci.com>
Content-Type: multipart/alternative; boundary="Boundary.11111111.11111111"
X-Dickinson-MailScanner-Information: Please contact the ISP for more
    information
X-Dickinson-MailScanner: Found to be clean
X-Dickinson-MailScanner-SpamCheck: spam, SpamAssassin (score=3.152,
        required 3, BAYES_00 -4.90, DATE_IN_PAST_12_24 0.75,
        HTML_MESSAGE 0.10, HTTP_WITH_EMAIL_IN_URL 0.20,
        MAILTO_SUBJ_REMOVE 0.89, MIME_MISSING_BOUNDARY 1.84,
        MK_BAD_HTML_05 0.30, MSGID_FROM_MTA_HEADER 0.70, OFFERS_ETC 0.23,
        REMOVE_PAGE 0.50, REMOVE_REMOVAL_1WORD 1.89, REMOVE_SUBJ 0.35,
        SARE_WEOFFER 0.30)
X-Dickinson-MailScanner-SpamScore: sss
X-MailScanner-From: enewsletter at ruceci.com

In my whitelist file I have enewsletter at ruceci.com, enewsletter.ruceci.com,
and ruceci.natsem.com.  According to the mail log, it's coming from the
first of the three addresses...

Jun 15 08:59:37 alpha sendmail[390201]: i5FCxUC0000390201: from=<enewsletter at ruc
eci.com>, size=29562, class=0, nrcpts=2, msgid=<200406151259.i5FCxUC0000390201 at a
lpha.dickinson.edu>, bodytype=8BITMIME, proto=SMTP, daemon=Daemon0, relay=enewsl
etter.ruceci.com [206.113.206.87] (may be forged)
Jun 15 08:59:50 alpha sendmail[393002]: i5FCxUC0000390201: to=newcomer at falcon.di
ckinson.edu, delay=00:00:19, xdelay=00:00:01, mailer=smtpl, pri=179562, relay=fa
lcon.dickinson.edu. [172.16.33.250], dsn=2.0.0, stat=Sent (IAA0000012337 Message
 accepted for delivery)

While this one isn't a huge deal, another comes from a credit card company.
Again, I can see no reason why these aren't being whitelisted.  I haven't
gotten a lot of complaints because we're only marking mail as spam and
deleting the really high-scoring (15+) ones.  However, once we roll out
filtering based on spam score, this will become a big issue.

I really like the flexibility of the per-user white/blacklisting and would
love to keep it in place.  However, if I can't iron out these issues that
keep the whitelisting from working, I may have to fall back to the sitewide
whitelist.  Any help would be greatly appreciated.

Don Newcomer
Senior Manager, Systems
Infrastructure Systems Department
Library and Information Services
Dickinson College
P.O. Box 1773
Carlisle, PA  17013
717-245-1256 (Voice)
717-245-1690 (FAX)
newcomer at dickinson.edu

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

More information about the MailScanner mailing list