filename scanning by domain

Chris Trudeau chris at TRUDEAU.ORG
Fri Feb 18 13:50:30 GMT 2005 

I found this in the archives:

 

         At 18:41 16/12/2002, you wrote:

        >Any way to turn off filename scanning for a particular domain?  I have tried

        >using the whitelist, but that has no effect on filename scanning.

 

        Create a filename rules file that just contains

        allow   $       -       -

        and create a ruleset that points to this file just for this domain, and

        uses a default filename.rules.conf file for everyone else.

 

        >A particular customer get's .bat files from an automated system, but I want

        >to reject it for everyone else.  Thanks.

 

        In which case, you don't want the filename rules file above, you want a

        copy of the normal one but with 1 extra filename rule at the top

        allow   \.bat$  -       -

 

 

My question is in what order does MailScanner read these?  I have a
domain I want to allow .zip files from.  My rules file is built as
outlined above, and I have the following:

 

From:    Friendlydomain.com       /configfiles/allow.filename.rule

 

To:        mydomain.com              /configfiles/blockbadstuff.rule

From:    mydomain.com              /configfiles/allowfrommydomain.rule

 

 

Where allow.filename.rule is a blanket allow file.  Blockbadstuff is my
default inbound rules file and allowfrommydomain.rule is my outbound
rules file.

 

The problem (I think) is that MailScanner is seeing the message match the
From: friendlydomain.com AND the To: mydomain.com condition and is
applying the blocking rule.  Is this right or does mailscanner read/apply
rules in order?

 

CT

 

 

Chris Trudeau, CISSP, ISSAP

chris at trudeau.org

 


----------------------------------------------
This message has been scanned for viruses and
dangerous content by the
DefendMail Secure Messaging Service and is
believed to be clean. ------------------------ MailScanner list
------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list