Custom function white/black list bug?

Sat May 20 19:24:04 IST 2006


Richard Lynch wrote:
> Julian Field wrote:
>> Richard,
>>
>> Kai Schaetzl wrote:
>>> Richard Lynch wrote on Fri, 19 May 2006 22:32:11 -0400:
>>>
>>>  
>>>> I'm using the by domain whitelist/blacklist custom functions.  I'm 
>>>> trying to whitelist a particular "To:" address (abuse at our_domain).  
>>>> I've put that entry into the 
>>>> /etc/MailScanner/spam.bydomain/whitelist/default file.
>>>>     
>> Why not in the spam.bydomain/whitelist/our_domain file? Wouldn't that 
>> make more sense?
> I guess.  I've been using "default" for our_domain.  That way it 
> applies to our_domain and some of the other domains we handle.  I did 
> try putting abuse at our_domain in the spam.bydomain/whitelist/our_domain 
> file and it still didn't get white listed.  It only started working 
> when I added the...
>
> return 1 if $BlackWhite->{'default'}{$to};
>
> ...line of code to the function.
But the files are all users/domains/default recipients. Each line in a 
file gives an entry for the sender going to the user/domain/default 
specified by the filename.
>
>
>>>
>>> I'm not aware of this functionality besides the SQL custom functions 
>>> (see below), but it very much looks like "spam.bydomain" will be 
>>> getting used for the To domain. So, it's intended not to be used for 
>>> single to addresses.
>>>   
>> It is in CustomConfig.pm and has been for a very long time. I should 
>> move it out into a separate file in the CustomFunctions directory 
>> some time, but I'm not sure what might break on current installations 
>> if I do that...
> I understand.... don't do that.  :)
>
>>>   However, when someone sends a spam report to our abuse address it 
>>>> gets flagged as spam and gets deleted.  I'm not sure if this is a 
>>>> bug or not.  Perhaps this facility was designed only for the 
>>>> "From:" address and not the "To:" address.
>>>>     
>>>
>>> It was designed for the To *and* the From address.
>> It works for the envelope sender (From) and the first envelope 
>> recipient (To).
>
> Well it doesn't work for me unless I modify the code as indicated in 
> my original post.  In my case abuse at our_domain is the only recipient.  
> Looking at the code I don't see a check for the "To:" address in the 
> default file.  I see a test for $from, $fromdomain, and $ip.  I don't 
> see a check for $to.  That's why I added the line of code.
There isn't the $to check as the filenames are named after the recipient 
users/domains/default. The contents of each file lists the senders that 
are black/whitelisted for the addresses described by the filename.
>
>
>>>> return 1 if $BlackWhite->{'default'}{$from};  return 1 if 
>>>> $BlackWhite->{'default'}{$fromdomain};  return 1 if 
>>>> $BlackWhite->{'default'}{$ip};
>>>>     
>>>
>>> "default" is actually the wildcard for "To: *"
>>>   
>> The Black and White list stuff can't handle wildcards in addresses or 
>> domains. That's what makes it so fast on large installations. It 
>> doesn't have to evaluate any regular expressions as it traverses a 
>> large set of rules. It just has to do a few hash table lookups which 
>> work like lightning in Perl. The speed of this code basically doesn't 
>> change whether you have 5 entries or 500,000 entries.
>>
> I'm the one who originally asked for you to add the default check.  
> That file is used when there is no match for the 'domain' file.  That 
> is, either the 'domain' file doesn't exist (as in this case) or the 
> address didn't match an entry in the 'domain' file.
>
> I don't really understand the $BlackWhite data structure.  It doesn't 
> look like it checks the $to address and it doesn't work for me unless 
> I add the line of code...
>
> return 1 if $BlackWhite->{'default'}{$to};
>
> So, either it's broken or it wasn't supposed to handle the $to address.
See my comments above.
>
> Thanks,
> Riichard
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.