rules help

Julian Field MailScanner at ecs.soton.ac.uk
Tue May 31 16:09:27 IST 2005



What's wrong with this?
Filename rules = /etc/MailScanner/rules/filename.rules

Then in filename.rules put this:

From: bob at domain.com /etc/MailScanner/bob.allow.conf /etc/MailScanner/all.normal.conf
FromOrTo: default /etc/MailScanner/all.normal.conf

Then in bob.allow.conf put this:
allow    bob.exe    -    -

and in all.normal.conf put all your normal deny rules you apply to
everyone else.

Seems perfectly flexible to me :-)

On 31 May 2005, at 15:51, Matt Kehler wrote:

      That doesn't go with what was said last week I don't think.
 
Basically then, in filename.bob.rules, I have to have the ALLOW for
BOB.EXE, *AND* then I have to have ALL my other denys in there that
are already in filename.default.rules...  ???  In which case..if I
have 10 users that need various exceptions..then that means if I
ever want to change my master default block list that's in
filename.default.rules..I have to edit all 10 user exception rule
files as well as the filename.default.rules??
 
This is getting pretty frustrating.  All I want is to allow
bob at domain.com to send one file, and then have all of the default
rules applied.  You'd think that would be a trivial issue to set up,
without having to replicate the rules all over the place. 
 
If it was really like a proper rule processing setup as your
typical firewall (I happen to work with Checkpoint, but all are
pretty much the same), then you'd be able to configure it so that
bob can send the bob.exe file...and if bob.PIF comes in...it would
be blocked by the default rules.  If you can't do that..then
MailScanner is more like making exceptions ONLY based on user...and
that specific user has its entirely own/separate ruleset.   That's
not an exception; that's 2 rulesets.
 
Matt

>>> ugob at CAMO-ROUTE.COM 5/31/2005 9:25:07 AM >>>
Matt Kehler wrote:
> 
> Another question on the rules...  I have MailScanner.conf pointing to
> filename.conf.rules ...as per below
> 
> #filename.conf.rules
> FromOrTo:       bob at domain.com        /etc/MailScanner/rules/filename.bob.rules
> FromOrTo:       default                /etc/MailScanner/rules/filename.default.rules
> 
> #filename.bob.rules
> allow   bob.exe    -       -
> #filename.default.rules
>  ~ this has a boatload of denys in it...100 or so filenames..
> 
> Anyways...with the above config, *ANY FILE* sent from bob at domain.com
> is allowed through.  Everything else works as it
> should (ie, no other users can send exe's or any other file listed as
> deny in filename.default.rules).  I am assuming because the rules allow
> bob.exe to get through..but filename.default.rules does NOT get
> processed after that.  Looking through the emails on the list regarding
> rules from last week, it would seem I need to change the
> filename.conf.rules so that it adds in the 2nd line as per below
> 
> #filename.conf.rules
> FromOrTo:       bob at domain.com        /etc/MailScanner/rules/filename.bob.rules
> FromOrTo:       *@domain.com           /etc/MailScanner/rules/filename.default.rules
> FromOrTo:       default                /etc/MailScanner/rules/filename.default.rules
> 
> Is this correct?  Does 'default' not really mean 'everything'?  I take
> it 'default' is only triggered if NO other rules have been
> processed...as opposed to meaning 'default' will ALWAYS get processed?
> 

Like firewall rules, first rule triggered stops the processing.  The
default is only processed if no other rule is triggered.

Ugo

> thx
> Matt
> 
> 
> 
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> *Support MailScanner development - buy the book off the website!*



-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
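
Added example, not part of the original thread and not MailScanner's own code: a simplified Python model of the first-match behaviour discussed above, comparing the ruleset from the question with the two-file ruleset from the reply. It assumes that files listed together on one ruleset line are applied in the order given, that filename patterns are case-insensitive regular expressions, and that a file matching no rule is allowed; the deny patterns and alice@domain.com are constructed, and both rulesets reuse the file names from the reply.

```python
import re
from fnmatch import fnmatch

# Constructed stand-ins for the rule files named in the thread.
FILES = {
    "bob.allow.conf":  [("allow", r"bob.exe")],
    "all.normal.conf": [("deny", r"\.exe$"), ("deny", r"\.pif$")],
}

# Ruleset from the question: bob's address maps to the allow file only.
MATT = [("bob@domain.com", ["bob.allow.conf"]),
        ("default",        ["all.normal.conf"])]

# Ruleset from the reply: bob's address maps to both files, allow file first.
JULIAN = [("bob@domain.com", ["bob.allow.conf", "all.normal.conf"]),
          ("default",        ["all.normal.conf"])]


def select_files(ruleset, sender):
    """First matching address rule wins; 'default' applies only if none match."""
    default = []
    for pattern, files in ruleset:
        if pattern == "default":
            default = files
        elif fnmatch(sender.lower(), pattern.lower()):
            return files
    return default


def verdict(ruleset, sender, filename):
    """Walk the selected files in order; the first matching filename rule decides."""
    for name in select_files(ruleset, sender):
        for action, regex in FILES[name]:
            if re.search(regex, filename, re.IGNORECASE):
                return action
    return "allow"  # modelling assumption: no rule matched, so nothing denies it


if __name__ == "__main__":
    for label, ruleset in (("question", MATT), ("reply", JULIAN)):
        for sender in ("bob@domain.com", "alice@domain.com"):
            for attachment in ("bob.exe", "bob.pif"):
                print(label, sender, attachment,
                      verdict(ruleset, sender, attachment))
```

With the ruleset from the question, bob.pif from bob falls through to the implicit allow because the deny list is never consulted for his address; with the two-file ruleset it is denied while bob.exe still passes.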

