{Spam?} Re: Changin MX machine to it's own, recommendations please...

[Julian Field]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Rob Morin wrote:
> Right thats not the problem... i want to leave it scan locally made 
> messages... but i do not want to scan messages coming in from a 
> certain IP.... i have this in the rules files....
> From:   192.186.63.158            yes
>
> in both ..
>
> spam.whitelist.rules
> virus.scanning.rules
The spam.whitelist.rules is attached to the "Is Definitely Not Spam" 
option. So if it says "yes", it means that mail from that IP "is 
definitely not spam", which is what you want.

But if you attach the same line to "Virus Scanning", the "yes" means 
that the result of this line is for mail from this IP to say "Virus 
Scanning = yes", which is apparently not what you want.

Rulesets are really very simple. They supply a different result value 
for the configuration setting they are attached to, depending on 
criteria about where the email message came from or is going to. So if 
you say
From:   1.2.3.4   yes
To:   mydomain.com   no
then if you get mail from the IP address 1.2.3.4 then it's equivalent to 
saying
Config Option = yes
for whatever option the ruleset is attached to.
If the mail you get is addressed to some-user at mydomain.com, then it's 
equivalent to saying
Config Option = no
for whatever option the ruleset is attached to.

You attach a ruleset to an option by replacing
Config Option = yes (for example)
with
Config Option = /path/to/ruleset/file.rules

That's it. That's all there is to it. I have tried to explain it to 
death and give examples in the distribution, the docs, the wiki and the 
book.

But still people don't get it. Maybe they don't read the docs? At that 
point, there's not much I can do.
>
> so that no scanning takes place from that IP ONLY all others will get 
> scanned.... but what i do not know is, does it still scan and  it adds 
> a negative score to the email or does it simply say, "Oh, its in my 
> whitle list, i won't bother to scan it" as then the actual  scan 
> process and SA process will still run , and still take  cpu away from 
> the machine....
>
>
> Rob Morin
> Dido InterNet Inc.
> Montreal, Canada
> Http://www.dido.ca
> 514-990-4444
>
>
>
> Alex Neuman wrote:
>> Rob Morin escribió:
>>> do not scan for spam ro virus for any email coming form this machine 
>>> IP? as i need the load to go done on the older machine and do not 
>>> want MS being used for anything other than email going out form web 
>>> apps on the server....
>> The problem is that Web Apps running on the server (like a PHP-based 
>> CMS for example) will send mail that appears to come from 127.0.0.1 
>> if the webpage is running on the same server MailScanner is running, 
>> so whitelisting that IP will mean that if your server is compromised 
>> it will send out bad e-mails without any sort of control.
>>
>> Otherwise you can use "scan messages" along with a ruleset to avoid 
>> scanning local messages.
>

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)

iQA/AwUBRFejBhH2WUcUFbZUEQK7MgCeNQ62qvOiEwQrLDzq7eKOfq0qZSAAoPLz
Y3l8vRtltcnoAajNCo+JdKBo
=3P7C
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.