Custom function white/black list bug?
Richard Lynch
rich at mail.wvnet.edu
Sat May 20 18:56:39 IST 2006
Julian Field wrote:
> Richard,
>
> Kai Schaetzl wrote:
>> Richard Lynch wrote on Fri, 19 May 2006 22:32:11 -0400:
>>
>>
>>> I'm using the by domain whitelist/blacklist custom functions. I'm
>>> trying to whitelist a particular "To:" address (abuse at our_domain).
>>> I've put that entry into the
>>> /etc/MailScanner/spam.bydomain/whitelist/default file.
>>>
> Why not in the spam.bydomain/whitelist/our_domain file? Wouldn't that
> make more sense?
I guess. I've been using "default" for our_domain. That way it applies
to our_domain and some of the other domains we handle. I did try
putting abuse at our_domain in the spam.bydomain/whitelist/our_domain file
and it still didn't get white listed. It only started working when I
added the...
return 1 if $BlackWhite->{'default'}{$to};
...line of code to the function.
>>
>> I'm not aware of this functionality besides the SQL custom functions
>> (see below), but it very much looks like "spam.bydomain" will be
>> getting used for the To domain. So, it's intended not to be used for
>> single to addresses.
>>
> It is in CustomConfig.pm and has been for a very long time. I should
> move it out into a separate file in the CustomFunctions directory some
> time, but I'm not sure what might break on current installations if I
> do that...
I understand.... don't do that. :)
>> However, when someone sends a spam report to our abuse address it
>>> gets flagged as spam and gets deleted. I'm not sure if this is a
>>> bug or not. Perhaps this facility was designed only for the "From:"
>>> address and not the "To:" address.
>>>
>>
>> It was designed for the To *and* the From address.
> It works for the envelope sender (From) and the first envelope
> recipient (To).
Well it doesn't work for me unless I modify the code as indicated in my
original post. In my case abuse at our_domain is the only recipient.
Looking at the code I don't see a check for the "To:" address in the
default file. I see a test for $from, $fromdomain, and $ip. I don't
see a check for $to. That's why I added the line of code.
>>> return 1 if $BlackWhite->{'default'}{$from}; return 1 if
>>> $BlackWhite->{'default'}{$fromdomain}; return 1 if
>>> $BlackWhite->{'default'}{$ip};
>>>
>>
>> "default" is actually the wildcard for "To: *"
>>
> The Black and White list stuff can't handle wildcards in addresses or
> domains. That's what makes it so fast on large installations. It
> doesn't have to evaluate any regular expressions as it traverses a
> large set of rules. It just has to do a few hash table lookups which
> work like lightning in Perl. The speed of this code basically doesn't
> change whether you have 5 entries or 500,000 entries.
>
I'm the one who originally asked for you to add the default check. That
file is used when there is no match for the 'domain' file. That is,
either the 'domain' file doesn't exist (as in this case) or the address
didn't match an entry in the 'domain' file.
I don't really understand the $BlackWhite data structure. It doesn't
look like it checks the $to address and it doesn't work for me unless I
add the line of code...
return 1 if $BlackWhite->{'default'}{$to};
So, either it's broken or it wasn't supposed to handle the $to address.
Thanks,
Riichard
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rich.vcf
Type: text/x-vcard
Size: 299 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060520/42ecb9fa/rich.vcf
More information about the MailScanner
mailing list