rules help
Ugo Bellavance
ugob at CAMO-ROUTE.COM
Tue May 31 16:23:31 IST 2005
Matt Kehler wrote:
> That doesn't go with what was said last week I don't think.
>
> Basically then, in filename.bob.rules, I have to have the ALLOW for
> BOB.EXE, *AND* then I have to have ALL my other denys in there that are
> already in filename.default.rules... ??? In which case..if I have 10
> users that need various exceptions..then that means if I ever want to
> change my master default block list that's in filename.default.rules..I
> have to edit all 10 user exception rule files as well as the
> filename.default.rules??
>
> This is getting pretty frustrating. All I want is to allow
> bob at domain.com to send one file, and then have
> all of the default rules applied. You'd think that would be a trivial
> issue to setup, without having to replicate the rules all over the place.
>
> If it was really like a proper rule processing setup as your typical
> firewall (I happen to work with Checkpoint, but all are pretty much the
> same), then you'd be able to configure it so that bob can send the
> bob.exe file...and if bob.PIF comes in...it would be blocked by the
> default rules. If you can't do that..then MailScanner is more like
> making exceptions ONLY based on user...and that specific user has its
> entirely own/separate ruleset. That's not an exception; that's 2 rulesets.
I never said MailScanner could do exceptions. In fact, I said the
opposite, in some post in this thread.
I'm not a ruleset guru, but based on what Julian said in that post:
<quoting Julian>
To: user at domain.com filename.allowexe.conf
To *@domain.com filename.normal.conf
FromOrTo: default filename.rules.conf
If a message arrives addressed to user at domain.com, the rules applied are
all those in filename.allowexe.conf followed by filename.normal.conf.
If a message arrives addressed to any-other-user at domain.com, the rules
applied are all those in filename.normal.conf.
Mail from or to anywhere else has the filename.rules.conf applied.
</quoting>
So if you would make, instead of *@domain.com, a line with total
wildcards, you'd probably be able to get the result you want. However,
make sure you'll never hit the default.
Julian, could you confirm (theoretically) what I said here, so that I'm
not misleading anyone?
Ugo
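
Added example, not part of the original post and not MailScanner code: a small Python model of the ruleset behaviour quoted from Julian above, next to the variant Ugo suggests (a total wildcard in place of *@domain.com). The rules-file contents, the first-match-wins evaluation and the written-out "@" addresses are assumptions made for the illustration.

```python
import fnmatch
import re

# Ruleset as quoted from Julian (direction, address pattern, rules file).
JULIAN = [("To", "user@domain.com", "filename.allowexe.conf"),
          ("To", "*@domain.com", "filename.normal.conf"),
          ("FromOrTo", "default", "filename.rules.conf")]
# Ugo's variant: a total wildcard replaces *@domain.com, so the default is never hit.
UGO = [JULIAN[0], ("To", "*", "filename.normal.conf"), JULIAN[2]]

# Constructed, simplified file contents: (action, filename regex).
BLOCKLIST = [("deny", r"\.exe$"), ("deny", r"\.pif$"), ("allow", r".*")]
FILES = {"filename.allowexe.conf": [("allow", r"^bob\.exe$")],
         "filename.normal.conf": BLOCKLIST,
         "filename.rules.conf": BLOCKLIST}

def files_for(ruleset, sender, recipient):
    """Rules files applied to a message, per the quoted description: every
    matching line contributes its file in order; default only if none match."""
    addrs = {"From": [sender], "To": [recipient], "FromOrTo": [sender, recipient]}
    matched = [name for direction, pattern, name in ruleset
               if pattern != "default" and any(
                   fnmatch.fnmatchcase(a.lower(), pattern.lower())
                   for a in addrs[direction])]
    return matched or [name for _, pattern, name in ruleset if pattern == "default"]

def verdict(ruleset, sender, recipient, filename):
    """Assumption: first matching filename rule across the concatenated files wins."""
    for name in files_for(ruleset, sender, recipient):
        for action, regex in FILES[name]:
            if re.search(regex, filename, re.IGNORECASE):
                return action, name
    return "allow", None

if __name__ == "__main__":
    for rcpt in ("user@domain.com", "someone@elsewhere.net"):
        for fn in ("bob.exe", "bob.pif"):
            print(rcpt, fn, verdict(UGO, "x@other.org", rcpt, fn))
```

In this model the one-line exception file only has to carry the allow rule; the block list lives in a single file that every message also passes through.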