Blacklist To: not working

Daniel Bird dbird at SGHMS.AC.UK
Wed Jan 19 12:52:55 GMT 2005

Dan Haris wrote:

>We get a lot of spam sent to specific non-existent users, which I'm trying
>to block. We use what I believe is the latest stable MailScanner (4.37.7)
>along with Exim 4.32, as a gateway server. I've seen some discussion in the
>mailing list archives about blocking non-existent users at the mta level,
>but this seems to have only been on sendmail. For various reasons (mainly
>paranoid management) we don't want to go this route at the moment, but if
>anyone can point me in the right direction for this I'd appreciate it as it
>may be of use as a last resort.

You'll want to use Exim's callout function:

A far better solution is to "block" at the MTA level IMHO.


> Our main mail servers (E-Smith/SME server)
>run QMail I think authenticating against an LDAP user database (although I
>may be talking rubbish there!).
>Anyhow, here's the question:
>I'm trying to blacklist a To: address in my
>/etc/MailScanner/rules/spam.blacklist.rules file with an entry like this:
>To:     user at               yes
>Unfortunately this does not seem to be behaving as expected. Since I added
>this rule, I've had several spam emails get through to this address. Looking
>at the relevant headers from one of them below, the address seems to have
>been recognised as blacklisted, but assigned a HIGH SPAM SCORE of zero and
>says "Found to be clean":
>Subject: {Spam? High Score 0} Downl0ad National Treasure Movie
>To: xxx at
>X-yyyy-MailScanner-Information: Please contact the IT Dept for more
>X-yyyy-MailScanner: Found to be clean
>X-yyyy-MailScanner-SpamCheck: spam (blacklisted)
>There is no entry in the log for this spam (presumably as I don't bother
>logging non-spam). However there is an entry like this:
>Jan 18 03:29:35 mailscan MailScanner[7058]: Message 1Cqk3g-0001vb-Ep from
> (livptxxxx at to is spam (blacklisted)
>This email did not get through.
>My MailScanner.conf contains the following:
>Definite Spam Is High Scoring = yes
>Required SpamAssassin Score = 5
>High SpamAssassin Score = 10
>SpamAssassin Auto Whitelist = yes
>Check SpamAssassin If On Spam List = yes
>Spam Actions = forward spamtrap at
>High Scoring Spam Actions = delete
>Non Spam Actions = deliver
>Any ideas anyone?
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ ( and
>the archives (
>Support MailScanner development - buy the book off the website!


Daniel Bird
Network and Systems Manager
Department Of Information Services
St. George's Hospital Medical School
London SW17 0RE

P: +44 20 8725 2897
F: +44 20 8725 3583
E: dan at

Computing Services Homepage:

The Computing Services Handbook:

Everything is possible....except skiing through a revolving door.
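
The reply above names Exim's callout feature without showing a configuration. A sketch of recipient callout verification on an Exim 4 gateway, added here as an example and not part of the original post; the domain example.org, the host mailhub.example.org and the router name to_internal are placeholders, and the remote_smtp transport is assumed to be the one from Exim's default configuration:

```exim
# --- main section ---
# Domains this gateway accepts mail for and passes to the internal server
domainlist relay_to_domains = example.org
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Mail injected locally (no remote SMTP host) is accepted
  accept  hosts = :

  # For relayed domains, ask the internal server whether the recipient
  # exists before accepting the RCPT. defer_ok accepts the address when
  # the internal server cannot be reached within the 30s callout timeout,
  # so an outage there does not reject legitimate mail at the gateway.
  deny    message = unknown user
          domains = +relay_to_domains
          !verify = recipient/callout=30s,defer_ok

  accept  domains = +relay_to_domains

  deny    message = relay not permitted

begin routers

# Verification runs this router to find the host that the callout
# connects to (placeholder host name)
to_internal:
  driver = manualroute
  domains = +relay_to_domains
  transport = remote_smtp
  route_list = * mailhub.example.org
```

The callout only filters anything if the internal server refuses unknown recipients at RCPT time. A server that accepts every address and bounces later (stock qmail-smtpd behaves this way) makes every callout succeed.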
