Ruleset Syntax

Julian Field MailScanner at ecs.soton.ac.uk
Fri Feb 24 14:26:28 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----


On 24 Feb 2006, at 13:11, Paul Houselander wrote:

> Hi
>
> Ive set a ruleset as follows
>
> Scan Messages = %rules-dir%/scan.messages.rules
>
> In %rules-dir/scan.message.rules I have
>
> From:	user at domain1.com	and To: *@domain2.com no
> To:	*@domain2.com	yes
> FromOrTo:	default	no
>
> When im sending an email from user at domain1.com to  
> anyone at domain2.com the
> message IS being scanned?
>
> Have I got the syntax wrong here?

Looks like the Scan Messages setting is an "all matches" rule. If any  
rule for this option says "yes" then the message will be scanned.  
What you are looking for is a "first match" rule so that it stops  
searching the rules after the first hit and uses that setting.

I went for "all matches" for this one on the basis that you normally  
want to tend towards scanning the message if any of the recipients  
match a rule that says yes. You only want to _not_ scan it if all the  
rules say no.

If you are prepared to apply a quick patch, edit /usr/lib/MailScanner/ 
MailScanner/ConfigDefs.pl. Find the line that starts with "ScanMail"  
and move it from the [All,YesNo] section into the [First,YesNo]  
section. Then restart MailScanner. "ScanMail" is the internal name I  
used when implementing the code for the setting that eventually got  
called "Scan Messages"; there is an internal to external translation  
table at the top of that file.

Having a feature like being able to break out of a ruleset if a rule  
matched would be helpful in situations like this, but I hate playing  
with the configuration compiler. It works very well and is roughly  
3000 lines of complicated code.

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.5 (Build 5050)

iQEVAwUBQ/8Xlfw32o+k+q+hAQHkygf/VHaYwgSCaKW0ti7jSJmAhQeUIQI6lIaw
mOigmVkB/w0CVvoG1PaWoQFupnVQAZ2dOgT+oeXjPRYZQDkoVoVdpwjpvIeDB9cN
Wico3GTvvwd1Zwl9ICAyuKFIU1+wX+Mz5z0SIT4+qLXdptFWzdC3O3J8ch4bG54g
TQkdkCKuSJg+szMjubxJWZM1BZwPBCk2OlWDWdrpjNVGBxmthWUgNHNv+Q4fhku5
ZXlMRuJ/nC+2G9C/aKIiKwZvE6lpHgxGEY63qRNqbGcrEVgOtl1bRK1EFZ6RT48t
8VombOPUDGcx5TnAE9TVBu35jJ7qdxjhPD1v7g7iQ/qtxGX6p3rjFg==
=Srk8
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list