Need clarification on whitelist rules

Rick Cooper rcooper at DWFORD.COM
Fri Oct 1 19:03:11 IST 2004

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Julian Field
> Sent: Friday, October 01, 2004 10:04 AM
> Subject: Re: Need clarification on whitelist rules
> > > > I guess my first question is how it's tagged as spam when there is a rule
> > > > file for the spam scoring settings? If user A tags as spam with a score of
> > > > 5.0 and user B tags it with a score of 7.5, how does the message get
> > > > tagged, since a score of 6.5 would flag as spam for user A and ham for user
> > > > B?
> > >
> We use it only for automatic spam deletion. In your example, user A would
> be removed from the list of recipients, and it would be normally delivered
> to user B. To use it for anything other than spam deletion is
> pretty much impossible.

> I don't understand that sentence at all, sorry.

OK, right now there is an expansion of the spam and high scoring spam score
that allows for the score for spam/high scoring spam to be configured via a
rule file. If the following rules were in that file:

To:     me at             5.0
To:     you at    7.5
FromOrTo:       default 6.0

and a message arrived from they at that scored 6.5, me at would
not receive the message but you at would. You would now remove
me at from the recipients list (and presumably CC/BCC)

Now suppose you were to also expand the whitelist/blacklist prior to
performing the deletion, and that the *whitelist* rules contained

To:     me at     and From: they at yes
ToOrFrom:       default no

Now, even though the message scored above me at's spam threshold, it
would not be tagged /processed as spam and they would not be deleted from
the recipient listing. The inverse would be true for a mail scoring below
their spam threshold but the to/from pair expansion of the blacklist rule
set resulted in the sender address/host being yes.

This would result in the whitelist/blacklisting being as per-user as the
spam/high spam scoring, yes? Of course the most economical processing would
be to test the message before processing through SA and see if the entire
message would be whitelisted or blacklisted and process it accordingly (skip
SA or dump entirely) before wasting time with SA and/or virus testing, and
only do the above checks if there is more than one recipient.
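
Added example, not part of the original message and not MailScanner code: a Python model of the per-recipient evaluation proposed above, including the pre-scan check. The addresses are constructed placeholders for the obscured ones in the post, and checking the whitelist before the blacklist is an assumption.

```python
# Added illustration, not MailScanner code. Addresses are constructed
# placeholders standing in for the obscured ones in the post.
ME, YOU, THEY = "me@example.test", "you@example.test", "they@example.test"

THRESHOLDS = {ME: 5.0, YOU: 7.5}   # "To:" rules from the spam score rule file
DEFAULT_THRESHOLD = 6.0            # "FromOrTo: default"
WHITELIST = {(ME, THEY)}           # (To, From) pairs that evaluate to "yes"
BLACKLIST = set()                  # same shape; empty means "default no"


def verdict(rcpt, sender, score, whitelist, blacklist):
    """Return True if this recipient should treat the message as spam."""
    pair = (rcpt, sender)
    if pair in whitelist:          # assumption: whitelist wins over blacklist
        return False
    if pair in blacklist:          # blacklisted pair is spam at any score
        return True
    return score >= THRESHOLDS.get(rcpt, DEFAULT_THRESHOLD)


def surviving_recipients(sender, rcpts, score,
                         whitelist=WHITELIST, blacklist=BLACKLIST):
    """Recipients left on the message after per-recipient spam deletion."""
    return [r for r in rcpts
            if not verdict(r, sender, score, whitelist, blacklist)]


def precheck(sender, rcpts, whitelist=WHITELIST, blacklist=BLACKLIST):
    """Decide before scanning: 'skip-sa', 'drop' or 'scan'."""
    pairs = [(r, sender) for r in rcpts]
    if all(p in whitelist for p in pairs):
        return "skip-sa"           # every recipient whitelists the sender
    if all(p in blacklist and p not in whitelist for p in pairs):
        return "drop"              # every recipient blacklists the sender
    return "scan"                  # mixed: score once, decide per recipient


if __name__ == "__main__":
    # Score 6.5 from THEY, first without and then with the whitelist pair.
    print(surviving_recipients(THEY, [ME, YOU], 6.5, whitelist=set()))
    print(surviving_recipients(THEY, [ME, YOU], 6.5))
    print(precheck(THEY, [ME, YOU]), precheck(THEY, [ME]))
```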


