rules help

Matt Kehler mkehler at WRHA.MB.CA
Tue May 31 16:53:15 IST 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Mine too :).   But it all works now, tested and verified. I was missing
adding the 2nd conf in the same line for bob at domain.com  ..as per below
 
#filename.conf.rules
From: bob at domain.com /etc/MailScanner/bob.allow.conf
/etc/MailScanner/all.normal.conf
FromOrTo: default /etc/MailScanner/all.normal.conf
 
thanks everyone
Matt

>>> MailScanner at ECS.SOTON.AC.UK 5/31/2005 10:48:28 AM >>>
My head hurts...

On 31 May 2005, at 16:23, Ugo Bellavance wrote:

> Matt Kehler wrote:
>
>> That doesn't go with what was said last week I don't think.
>>  Basically then, in filename.bob.rules, I have to have the ALLOW 
>> for BOB.EXE, *AND* then I have to have ALL my other denys in there 
>> that are already in filename.default.rules...  ???  In which 
>> case..if I have 10 users that need various exceptions..then that 
>> means if I ever want to change my master default block list thats 
>> in filename.default.rules..I have to edit all 10 user exception 
>> rule files as well as the filename.default.rules??
>>  This is getting pretty frustrating.  All I want is to allow 
>> bob at domain.com <mailto:bob at domain.com> to send one file, and then 
>> have all of the default rules applied.  You'd think that would be 
>> a trivial issue to setup, without having to replicate the rules 
>> all over the place.  If it was really like a proper rule 
>> processing setup as your typical firewall (I happen to work with 
>> Checkpoint, but all are pretty much the same), then you'd be able 
>> to configure it so that bob can send the bob.exe file...and if 
>> bob.PIF comes in...it would be blocked by the default rules.  If 
>> you can't do that..then MailScanner is more like making exceptions 
>> ONLY based on user...and that specific user has it entirely own/
>> separate ruleset.   Thats not an exception; thats 2 rulesets.
>>
>
> I never said MailScanner could do exceptions.  In fact, I said the 
> opposite, in some post in this thread.
>
> I'm not a ruleset guru, but based on what Julian said in that post:
>
> <quoting Julian>
>
> To: user at domain.com filename.allowexe.conf
> To *@domain.com filename.normal.conf
> FromOrTo: default filename.rules.conf
>
> If a message arrives addressed to user at domain.com, the rules 
> applied are
> all those in filename.allowexe.conf followed by filename.normal.conf.
>
> If a message arrives addressed to any-other-user at domain.com, the rules
> applied are all those in filename.normal.conf.
>
> Mail from or to anywhere else has the filename.rules.conf applied.
> </quoting>
>
> So if you would make, instead of *@domain.com, a line with total 
> wildcards, you'd probably be able to get the result you want.  
> However, make sure you'll never hit the default.
>
> Julian, could you confirm (theoratically) what I said here, so that 
> I'm not misleading anyone?
>
> Ugo
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list