MCP suggestions

Billy A. Pumphrey bpumphrey at WOODMACLAW.COM
Mon Jul 11 16:08:27 IST 2005


> Billy A. Pumphrey wrote:
> 
> >I obviously have nothing in the MCP settings.  When I go to mailwatch
> >and Update MCP Rule Descriptions it says:
> >Rule Description
> >SAMPLE_RULE1 Banned Subject
> >SAMPLE_RULE2 Banned body text
> >SAMPLE_RULE1 Banned Subject
> >SAMPLE_RULE2 Banned body text
> >
> >I was looking in /etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf
and
> >it has:
> >Skip_rml_checks 1
> >Should this be 0 so that it does not skip?
> >
> >Does anyone have good .cf files for the mcp directory?
> >
> >
> skip_rbl_checks 1
> is correct as in MCP you don't want to do RBL lookups. As MCP is just
> content-filtering, it doesn't want to do any network-based checks at
all.
> What sort of thing are you trying to stop? I can write a couple of
> examples for you if you like. But there is already an example in the
mcp
> directory anyway, can't you just work from that? More docs on what you
> can do in there is in "man Mail::SpamAssassin::Conf".
> 
> --
> Julian Field

I don't want to put vague rules in there and have false positives.  Here
is an example email that slipped through:

How are you, 

$400,000 = few hundred per month 

My friend showed me this now or never rifienance QU0TE.

====================================================================
==================================================================== 

Check below: 

http://innhgh.com 

====================================================================
==================================================================== 

This is Valid for next 24 hrs. only. 


I am a teacher of preschool children with disabilities. I have been
making software for the children in my classrooms for the last eight
years. Over the past 23 years I have encountered many types of
disabilities and many types of parents. The question. 
i need to get a pedicure. my feet smell and itch. 

Sincerely,
Sammie Faris


--------------
Headers
--------------
Microsoft Mail Internet Headers Version 2.0
Received: from localhost.localdomain ([10.1.1.15]) by
mail.woodmaclaw.com with Microsoft SMTPSVC(5.0.2195.6713);
	 Sat, 9 Jul 2005 06:49:24 -0500
Received: from owl.dns-nac-zone.com (owl.dns-nac-zone.com [207.99.35.2])
	by localhost.localdomain (8.13.4/8.13.1) with ESMTP id
j69BlJlP026342
	for <bpumphrey at woodmaclaw.com>; Sat, 9 Jul 2005 06:47:19 -0500
Received: from nuno by owl.dns-nac-zone.com with local-bsmtp (Exim 4.44)
	id 1DrDpQ-0006YD-RH
	for nuno at indysmash.com; Sat, 09 Jul 2005 11:49:05 +0000
Received: from 148.219113109.m-net.ne.jp ([219.113.109.148])
	by owl.dns-nac-zone.com with smtp (Exim 4.44)
	id 1DrDpO-0006Wz-Ry; Sat, 09 Jul 2005 11:49:04 +0000
Subject: check our new site with h!storic L0W QU0TE
Message-ID: <PEUK$cm0U8.bGQtxRR$rNW4 at callosal2.yahoo.com.au>
From: "Clarice Z. Olariu" <freekfreek9tMr at yahoo.co.jp>
To: "Clarice Z. Olariu" <freekfreek9tMr at yahoo.co.jp>
Cc: boomer123 at indysmash.com, bried at indysmash.com, burlaza at indysmash.com,
        calvelo at indysmash.com, caska at indysmash.com,
maxloragno at indysmash.com,
        mcevers at indysmash.com, nuno at indysmash.com,
pattysines at indysmash.com,
        paul.vigurs at indysmash.com
Date: Sat, 09 Jul 2005 06:30:28 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="--Piece.PHDWba7W3.m"
X-Spam-Level: ***
X-Spam-Status: No, score=3.8 required=5.0 tests=BAYES_99,HTML_10_20,
	HTML_MESSAGE,MPART_ALT_DIFF autolearn=no version=3.0.4
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on 
	owl.dns-nac-zone.com
X-AntiAbuse: This header was added to track abuse, please include it
with any abuse report
X-AntiAbuse: Primary Hostname - owl.dns-nac-zone.com
X-AntiAbuse: Original Domain - indysmash.com
X-AntiAbuse: Originator/Caller UID/GID - [32668 12] / [47 12]
X-AntiAbuse: Sender Address Domain - yahoo.co.jp
X-Source: 
X-Source-Args: /usr/sbin/exim -Mc 1DrDpO-0006Wz-Ry 
X-Source-Dir: /tmp
X-WoodMacLaw-MailScanner-Information: Please contact the ISP for more
information
X-WoodMacLaw-MailScanner: Found to be clean
X-WoodMacLaw-MailScanner-MCPCheck: MCP-Clean, MCP-Checker (score=0,
	required 1)
X-WoodMacLaw-MailScanner-SpamCheck: not spam, SpamAssassin (score=4.809,
	required 5, BAYES_99 3.50, HTML_10_20 0.25, HTML_MESSAGE 0.00,
	MPART_ALT_DIFF 0.07, URIBL_SBL 1.00)
X-WoodMacLaw-MailScanner-SpamScore: ssss
X-WoodMacLaw-MailScanner-From: freekfreek9tmr at yahoo.co.jp
Return-Path: freekfreek9tMr at yahoo.co.jp
X-OriginalArrivalTime: 09 Jul 2005 11:49:24.0606 (UTC)
FILETIME=[40B0B1E0:01C5847C]

----Piece.PHDWba7W3.m
Content-Type: text/plain;
 format=flowed;
 charset=iso-8859-15
Content-Transfer-Encoding: 7Bit

----Piece.PHDWba7W3.m
Content-Type: text/html;
 format=flowed;
 charset=iso-8859-15
Content-Transfer-Encoding: 7Bit


----Piece.PHDWba7W3.m--




Maybe I am misunderstanding the 'importance' or 'function' of MCP.  I
remember when I start my admin job and there was Symantec spam filtering
setup on the exchange server.  I was like, oh yeah we going to get that
spam.  So I started filtering words like sex, pu***, free, and so on.
Then it made a little chaos because that did not work and got good
emails.  I do not want to do this with MCP, so I was thinking that there
might be files for MCP as there are .cf's for rules for spamassassin.



Billy Pumphrey
IT Manager
Wooden & McLaughlin

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list