Speaking of AWL...

Dave Duffner - NWCWEB.com webalizer at NWCWEB.COM
Mon Feb 7 23:14:20 GMT 2005


        For some reason the List server didn't like this the
way it was, so we'll try it again.  Thought it saw some
commands or something?

> -----Original Message-----
> From: Dave Duffner - NWCWEB.com [mailto:webalizer at nwcweb.com]
> Sent: Monday, February 07, 2005 6:12 PM
> To: 'MailScanner mailing list'
> Subject: RE: Speaking of AWL...
>
>
> Ok,
>
>         This went from mediocre to way off base...
>
>         Went into MailScanner.conf, found the setting to
> disable SA's AWL feature.  Explanation there is minimal but
> it looks like a bad thing to turn it off.  Going with the
> sensible advice below, turned it off anyways.
>
>         I'm monitoring the flow through MailWatch and I
> note higher loads since doing so, can live with that as
> it's spastic and not constant.
>
>         BUT... I'm watching the flow Last 50 messages and
> note the following:
>
>         #1 - It starts Whitelisting things randomly?  Mail
> to/from the same people is W/L 50% of the time and others
> not.  What's with that, especially as the accounts and domain
> in question aren't even in the WL we had created previously?
>
>         #2 - Spammer sends 3 copies of the same junk to the
> same client address on a particular box.  The following
> occurs:
>
>         1st Copy - MS says Clean, passed to allow SA to tag it.
>
>         2nd Copy - MS Whitelists the thing?
>
>         3rd Copy - MS Whitelists again?
>
>         I note that the 1st copy only comes from the source
> IP, but the other two have been received by our main IP as well
> (double-relayed?) and I think that's why it's whitelisting
> it.
>
>         So either something misconfigured since taking SA AWL
> out of the picture or I've developed a new problem.  Only
> confusing part is why taking SA's AWL out would suddenly
> cause these effects since MailScanner's technically getting
> it to play with first?
>
>      Dave
>
>
>
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Matt Kettler
> > Sent: Monday, February 07, 2005 4:31 PM
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: Speaking of AWL...
> >
> >
> > At 04:08 PM 2/7/2005, Dave Duffner - NWCWEB.com wrote:
> > >         Is it better to turn off the AWL feature of either MS or SA
> > >and just maintain our own white/black lists using 2.6?
> >
> > Well, Only SA has an AWL feature. It's just where you turn it off that
> > differs between SA 2.6 and SA 3.0. (In 2.6 you use MailScanner.conf,
> > in 3.0 you use the local.cf)
> >
> >
> >
> > >  Is there any real benefit to AWL'ing if we have our
> > >own maintained list of what's kosher in our servers?  We're not talking
> > >huge loads of clients here, so hands-on is not a problem.
> >
> >
> > Quite frankly, I'm not a big fan of either the AWL, nor static
> > whitelists.
> >
> > IMO, the AWL may be useful, but really only in the single-user case.
> > It's semi-OK in the multi-user case, but its value is diluted
> > greatly. It's also slightly subject to abuse by spammers (if they
> > figure out how). Play with it, and use it if you like it, leave it if
> > you don't. I myself don't care for it.
> >
> > For me static whitelists are really a "method of last resort" as they
> > are just a way of covering up other problems with your SA setup that
> > could be better fixed by configuration or rule adjustment. However,
> > cooking up rule tweaks isn't exactly the simplest thing to do, so for
> > many admins, whitelists are the way to go. However, no admin should
> > need to create very many whitelist entries.
> >
> > If you find yourself creating lots of whitelists to avoid rampant FP
> > problems, I'd strongly suggest stepping back and looking at why you're
> > getting so many FP's in the first place.
> >
> > I personally run with only one whitelist command, plus SA's default
> > set. In the past week no messages would have scored over +2.8 without
> > the bonuses of the whitelists.
> >
> > ------------------------ MailScanner list
> > ------------------------ To unsubscribe, email
> jiscmail at jiscmail.ac.uk
> > with the words: 'leave mailscanner' in the body of the
> email. Before
> > posting, read the MAQ
> > (http://www.mailscanner.biz/maq/) and the archives
> > (http://www.jiscmail.ac.uk/lists/mailscanner.html).
> >
> > Support MailScanner development - buy the book off the website!
> >
> > --
> > Message scanned by MailScanner, and is believed to be clean.
> > CONFIDENTIALITY NOTICE:  This transmission intended for the
> specified
> > destination and person.  If this is not you, this
> > e-mail must be deleted immediately.     www.nwcweb.com
> >