design issue - whitelist rules/blacklist rules

Wess mailscanner at ELIQUID.COM
Wed Nov 17 13:57:51 GMT 2004



Venkata,

Let me try to clear this up for you.

The whitelist rules override the blacklist rules every time.


This is from spam.whitelist.rules

This first line tells MS to whitelist the entire domain.
The second line tells MS to NOT whitelist any mail sent TO the user
specified.  These two rules will work together, the second being the
exception to the first.

FromOrTo:       *@domain.tld         yes
To:                   user at domain.tld    no


Only use the spam.blacklist.rules file if you want to just mark mail to
an account as garbage right away, without processing.  Keep in mind that
whitelist always over-rides the blacklist.

On Tue, 2004-11-16 at 19:52, Venkata Achanta wrote:

 Julian,

I am trying to accomplish the following

DENY   Anything From *@domain.com To *@domain.com
EXCEPT From no-reply at domain.com To *@domain.com

I have tried different combinations of whitelist and blacklist rules to get
this working and can't get it to work.

blacklist.rules
From:   *@domain.com and To: *@domain.com   yes
From:   no-reply at domain.com and To: *@domain.com   no
(WTH am I doing this? I want to disallow spoofing. MS running Linux box
delivers clean messages to our Exchange server so all internal e-mail won't
go thru the MS box)

whitelist.rules
From:   no-reply at domain.com   yes
From:   no-reply at domain.com and To: *@domain.com   yes

(these are some administrative scripts e-mailing from that e-mail addy, I got
to get those but they are getting tagged as spam)


Here are the logs to reinforce my statements:

Nov 15 14:36:12 host sendmail[26920]: iAFMaCJI026920:
from=<no-reply at domain.com>, size=902, class=0, nrcpts=1,
msgid=<200411152236.iAFMaCJI026920 at host.domain.com>, proto=ESMTP,
daemon=MTA, relay=host [127.0.0.1]
Nov 15 13:52:02 host MailScanner[29537]: Message iAFLldov018164 from
127.0.0.1 (no-reply at domain.com) is whitelisted
Nov 15 13:52:02 host MailScanner[29537]: Message iAFLldov018164 from
127.0.0.1 (no-reply at domain.com) to domain.com is spam (blacklisted)
Nov 15 13:53:18 host sendmail[24290]: iAFLldov018164: to=<johnq at domain.com>,
delay=00:05:39, xdelay=00:00:00, mailer=esmtp, pri=120902,
relay=[192.168.1.1], dsn=2.0.0, stat=Sent (
<200411152147.iAFLldov018164 at domain.com> Queued mail for delivery)

And I don't understand why we are looking at blacklist rules and marking it
as spam if it is already whitelisted in the first place. Is this a design flaw?

I want to hear from you what the design of this part of the MailScanner is.
Doesn't the whitelist stuff override the blacklist? Why is it getting
blacklisted?

Isn't there a way to do "deny by exception" in the MailScanner? I thought it
did but the logs prove me wrong.

Please advise.

Thanks much,
Venkata Achanta




I already started the discussion under "Re: whitelist rules are being
overridden by the blacklist rules ?", if you want to look at what else I tried.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!
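
Added example, not part of the original thread and not MailScanner's own code: a Python script that groups MailScanner verdict log lines by message ID and reports any message logged as both whitelisted and blacklisted, which is the conflict shown in the quoted logs. The sample lines are constructed (modelled on the log format quoted above, with example domains), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on the MailScanner syslog format
# quoted in the thread (one entry per line, addresses un-obfuscated).
SAMPLE_LOG = """\
Nov 15 13:52:02 host MailScanner[29537]: Message iAFLldov018164 from 127.0.0.1 (no-reply@domain.example) is whitelisted
Nov 15 13:52:02 host MailScanner[29537]: Message iAFLldov018164 from 127.0.0.1 (no-reply@domain.example) to domain.example is spam (blacklisted)
Nov 15 13:55:10 host MailScanner[29537]: Message iAFLtt0a018201 from 192.0.2.7 (alice@other.example) is whitelisted
Nov 15 13:58:44 host MailScanner[29537]: Message iAFLxx9b018333 from 192.0.2.9 (bob@domain.example) to domain.example is spam (blacklisted)
"""

# Matches the two verdict lines seen in the thread's log excerpt.
VERDICT = re.compile(
    r"MailScanner\[\d+\]: Message (?P<id>\S+) from (?P<ip>\S+) "
    r"\((?P<sender>[^)]*)\)(?: to \S+)? is "
    r"(?P<verdict>whitelisted|spam \(blacklisted\))"
)


def collect_verdicts(lines):
    """Map message ID -> sender, relay IP and the set of list verdicts logged."""
    seen = defaultdict(lambda: {"sender": None, "ip": None, "tags": set()})
    for line in lines:
        m = VERDICT.search(line)
        if not m:
            continue  # not a whitelist/blacklist verdict line
        entry = seen[m["id"]]
        entry["sender"], entry["ip"] = m["sender"], m["ip"]
        entry["tags"].add("white" if m["verdict"] == "whitelisted" else "black")
    return seen


def conflicting_messages(lines):
    """Return (id, sender, ip) for messages logged as both white- and blacklisted."""
    return sorted(
        (mid, e["sender"], e["ip"])
        for mid, e in collect_verdicts(lines).items()
        if e["tags"] == {"white", "black"}
    )


if __name__ == "__main__":
    for mid, sender, ip in conflicting_messages(SAMPLE_LOG.splitlines()):
        print(f"{mid}: {sender} via {ip} matched both whitelist and blacklist")
```

The archive wraps log entries across lines; the pattern expects each syslog entry on a single line, as it appears in the actual log file.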
