rules help

Julian Field MailScanner at ecs.soton.ac.uk
Tue May 31 16:27:04 IST 2005



You can have as many .conf files as you like in 1 line, which enables you
to concatenate rulesets. The ruleset system is very flexible, to the
point of confusion when you start concatenating multiple .conf files and
multiple settings, which you can do with some configuration options.

On 31 May 2005, at 16:16, Matt Kehler wrote:

      Nothing's wrong with that..that's perfect.  I was not aware
      that you can have 2 .conf files in the same line  as per
      below.  Apparently that's what I was missing :)
 
From: bob at domain.com /etc/MailScanner/bob.allow.conf /etc/MailScanner/all.normal.conf
If that works, then I'm set!
 
thanks!!
Matt

>>> MailScanner at ECS.SOTON.AC.UK 5/31/2005 10:09:27 AM >>>
What's wrong with this?
Filename rules = /etc/MailScanner/rules/filename.rules

Then in filename.rules put this:

From: bob at domain.com /etc/MailScanner/bob.allow.conf /etc/MailScanner/all.normal.conf
FromOrTo: default /etc/MailScanner/all.normal.conf

Then in bob.allow.conf put this:
allow    bob.exe    -    -

and in all.normal.conf put all your normal deny rules you apply to
everyone else.

Seems perfectly flexible to me :-)

On 31 May 2005, at 15:51, Matt Kehler wrote:

      That doesn't go with what was said last week I don't
      think.
 
Basically then, in filename.bob.rules, I have to have the
ALLOW for BOB.EXE, *AND* then I have to have ALL my other
denys in there that are already in filename.default.rules...
???  In which case..if I have 10 users that need various
exceptions..then that means if I ever want to change my
master default block list that's in filename.default.rules..I
have to edit all 10 user exception rule files as well as the
filename.default.rules??
 
This is getting pretty frustrating.  All I want is to allow
bob at domain.com to send one file, and then have all of the
default rules applied.  You'd think that would be a trivial
issue to set up, without having to replicate the rules all
over the place.
 
If it was really like a proper rule processing setup as your
typical firewall (I happen to work with Checkpoint, but all
are pretty much the same), then you'd be able to configure it
so that bob can send the bob.exe file...and if bob.PIF comes
in...it would be blocked by the default rules.  If you can't
do that..then MailScanner is more like making exceptions ONLY
based on user...and that specific user has its entirely
own/separate ruleset.   That's not an exception; that's 2
rulesets.
 
Matt

>>> ugob at CAMO-ROUTE.COM 5/31/2005 9:25:07 AM >>>
Matt Kehler wrote:
> 
> Another question on the rules...  I have MailScanner.conf pointing to
> filename.conf.rules ...as per below
> 
> #filename.conf.rules
> FromOrTo:       bob at domain.com        /etc/MailScanner/rules/filename.bob.rules
> FromOrTo:       default                /etc/MailScanner/rules/filename.default.rules
> 
> #filename.bob.rules
> allow   bob.exe    -       -
> #filename.default.rules
>  ~ this has a boatload of denys in in...100 or so filenames..
> 
> Anyways...with the above config, *ANY FILE* sent from bob at domain.com
> is allowed through.  Everything else works as it
> should (ie, no other users can send exe's or any other file listed as
> deny in filename.default.rules).  I am assuming because the rules allow
> bob.exe to get through..but filename.default.rules does NOT get
> processed after that.  Looking through the emails on the list regarding
> rules from last week, it would seem I need to change the
> filename.conf.rules so that it adds in the 2nd line as per below
> 
> #filename.conf.rules
> FromOrTo:       bob at domain.com        /etc/MailScanner/rules/filename.bob.rules
> FromOrTo:       *@domain.com           /etc/MailScanner/rules/filename.default.rules
> FromOrTo:       default                /etc/MailScanner/rules/filename.default.rules
> 
> Is this correct?  Does 'default' not really mean 'everything'?  I take
> it 'default' is only triggered if NO other rules have been
> processed...as opposed to meaning 'default' will ALWAYS get processed?
> 

Like firewall rules, the first rule triggered stops the processing.  The
default is only processed if no other rule is triggered.

Ugo

> thx
> Matt
> 
> 
> 
> 
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/)
> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> *Support MailScanner development - buy the book off the website!*



-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
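
A simplified model of the behaviour discussed in this thread, added here as an illustration and not MailScanner's own code or anything posted by the participants: the first matching ruleset line wins, `default` applies only when nothing else matched, and several files on one line are concatenated. The file names follow the thread; the deny patterns, the `@`-form addresses, case-insensitive matching and allow-on-no-match are assumptions of the model.

```python
import re
from fnmatch import fnmatch

# Constructed sample files modelled on the thread (contents are illustrative).
FILES = {
    "bob.allow.conf": "allow\tbob.exe\t-\t-\n",
    "all.normal.conf": "deny\t\\.exe$\t-\t-\ndeny\t\\.pif$\t-\t-\n",
}
# Per-user file only: bob never reaches the shared deny list.
BROKEN = """\
FromOrTo: bob@domain.com bob.allow.conf
FromOrTo: default all.normal.conf
"""
# Two files on one line: bob's exception first, then the shared denies.
FIXED = """\
From: bob@domain.com bob.allow.conf all.normal.conf
FromOrTo: default all.normal.conf
"""

def select_files(ruleset, sender, recipient):
    """First matching ruleset line wins; 'default' is used only if none matched."""
    default = []
    for line in ruleset.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        direction, pattern, *files = line.split()
        if pattern == "default":
            default = files
            continue
        addrs = [sender] if direction == "From:" else [sender, recipient]
        if any(fnmatch(a.lower(), pattern.lower()) for a in addrs):
            return files
    return default

def verdict(ruleset, sender, recipient, filename):
    """Concatenate the selected files, then apply the first matching allow/deny."""
    rules = "".join(FILES[f] for f in select_files(ruleset, sender, recipient))
    for line in rules.splitlines():
        action, regex = line.split("\t")[:2]
        if re.search(regex, filename, re.IGNORECASE):  # assumption: case-insensitive
            return action
    return "allow"  # assumption: no rule matched, so the attachment passes

if __name__ == "__main__":
    for name, rs in (("broken", BROKEN), ("fixed", FIXED)):
        for f in ("bob.exe", "holiday.PIF"):
            print(name, f, verdict(rs, "bob@domain.com", "x@example.org", f))
```

With the broken ruleset every attachment from bob passes, because his one-line file is the only list consulted; with the concatenated line only `bob.exe` passes and the shared deny list still applies to everything else he sends.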
