rules help

Julian Field MailScanner at ecs.soton.ac.uk
Tue May 31 16:48:28 IST 2005 

My head hurts...

On 31 May 2005, at 16:23, Ugo Bellavance wrote:

> Matt Kehler wrote:
>
>> That doesn't go with what was said last week I don't think.
>>  Basically then, in filename.bob.rules, I have to have the ALLOW  
>> for BOB.EXE, *AND* then I have to have ALL my other denys in there  
>> that are already in filename.default.rules...  ???  In which  
>> case..if I have 10 users that need various exceptions..then that  
>> means if I ever want to change my master default block list thats  
>> in filename.default.rules..I have to edit all 10 user exception  
>> rule files as well as the filename.default.rules??
>>  This is getting pretty frustrating.  All I want is to allow  
>> bob at domain.com <mailto:bob at domain.com> to send one file, and then  
>> have all of the default rules applied.  You'd think that would be  
>> a trivial issue to setup, without having to replicate the rules  
>> all over the place.  If it was really like a proper rule  
>> processing setup as your typical firewall (I happen to work with  
>> Checkpoint, but all are pretty much the same), then you'd be able  
>> to configure it so that bob can send the bob.exe file...and if  
>> bob.PIF comes in...it would be blocked by the default rules.  If  
>> you can't do that..then MailScanner is more like making exceptions  
>> ONLY based on user...and that specific user has it entirely own/ 
>> separate ruleset.   Thats not an exception; thats 2 rulesets.
>>
>
> I never said MailScanner could do exceptions.  In fact, I said the  
> opposite, in some post in this thread.
>
> I'm not a ruleset guru, but based on what Julian said in that post:
>
> <quoting Julian>
>
> To: user at domain.com filename.allowexe.conf
> To *@domain.com filename.normal.conf
> FromOrTo: default filename.rules.conf
>
> If a message arrives addressed to user at domain.com, the rules  
> applied are
> all those in filename.allowexe.conf followed by filename.normal.conf.
>
> If a message arrives addressed to any-other-user at domain.com, the rules
> applied are all those in filename.normal.conf.
>
> Mail from or to anywhere else has the filename.rules.conf applied.
> </quoting>
>
> So if you would make, instead of *@domain.com, a line with total  
> wildcards, you'd probably be able to get the result you want.   
> However, make sure you'll never hit the default.
>
> Julian, could you confirm (theoratically) what I said here, so that  
> I'm not misleading anyone?
>
> Ugo
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list