rules help

Matt Kehler mkehler at WRHA.MB.CA
Tue May 31 15:51:47 IST 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

That doesn't go with what was said last week I don't think.
 
Basically then, in filename.bob.rules, I have to have the ALLOW for
BOB.EXE, *AND* then I have to have ALL my other denys in there that are
already in filename.default.rules...  ???  In which case..if I have 10
users that need various exceptions..then that means if I ever want to
change my master default block list thats in filename.default.rules..I
have to edit all 10 user exception rule files as well as the
filename.default.rules??
 
This is getting pretty frustrating.  All I want is to allow
bob at domain.com to send one file, and then have all of the default rules
applied.  You'd think that would be a trivial issue to setup, without
having to replicate the rules all over the place. 
 
If it was really like a proper rule processing setup as your typical
firewall (I happen to work with Checkpoint, but all are pretty much the
same), then you'd be able to configure it so that bob can send the
bob.exe file...and if bob.PIF comes in...it would be blocked by the
default rules.  If you can't do that..then MailScanner is more like
making exceptions ONLY based on user...and that specific user has it
entirely own/separate ruleset.   Thats not an exception; thats 2
rulesets.
 
Matt

>>> ugob at CAMO-ROUTE.COM 5/31/2005 9:25:07 AM >>>
Matt Kehler wrote:
> 
> Another question on the rules...  I have MailScanner.conf pointing to
> filename.conf.rules ...as per below
> 
> #filename.conf.rules
> FromOrTo:       bob at domain.com <mailto:bob at domain.com>        
> /etc/MailScanner/rules/filename.bob.rules
> FromOrTo:       default                
> /etc/MailScanner/rules/filename.default.rules
> 
> #filename.bob.rules
> allow   bob.exe    -       -
> #filename.default.rules
>  ~ this has a boatload of denys in in...100 or so filenames..
> 
> Anyways...with the above config, *ANY FILE* sent from bob at domain.com
> <mailto:bob at domain.com> is allowed through.  Everything else works as
it
> should (ie, no other users can send exe's or any other file listed as
> deny in filename.default.rules).  I am assuming because the rules allow
> bob.exe to get through..but filename.default.rules does NOT get
> processed after that.  Looking through the emails on the list regarding
> rules from last week, it would seem I need to change the
> filename.conf.rules so that it adds in the 2nd line as per below
> 
> #filename.conf.rules
> FromOrTo:       bob at domain.com <mailto:bob at domain.com>        
> /etc/MailScanner/rules/filename.bob.rules
> FromOrTo:       *@domain.com
> <mailto:*@domain.com>            
/etc/MailScanner/rules/filename.default.rules
> FromOrTo:       default                
> /etc/MailScanner/rules/filename.default.rules
> 
> Is this correct?  Does 'default' not really mean 'everything'?  I take
> it 'default' is only triggered if NO other rules have been
> processed...as opposed to meaning 'default' will ALWAYS get processed?
> 

Like firewall rules, first rule triggered stop the processing.  The
default is only processed if no other rule is triggerred.

Ugo

> thx
> Matt
> 
> 
> 
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> *Support MailScanner development - buy the book off the website!*

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list