Custom function white/black list bug?

Julian Field MailScanner at ecs.soton.ac.uk
Sat May 20 19:24:04 IST 2006



Richard Lynch wrote:
> Julian Field wrote:
>> Richard,
>>
>> Kai Schaetzl wrote:
>>> Richard Lynch wrote on Fri, 19 May 2006 22:32:11 -0400:
>>>
>>>  
>>>> I'm using the by domain whitelist/blacklist custom functions.  I'm 
>>>> trying to whitelist a particular "To:" address (abuse at our_domain).  
>>>> I've put that entry into the 
>>>> /etc/MailScanner/spam.bydomain/whitelist/default file.
>>>>     
>> Why not in the spam.bydomain/whitelist/our_domain file? Wouldn't that 
>> make more sense?
> I guess.  I've been using "default" for our_domain.  That way it 
> applies to our_domain and some of the other domains we handle.  I did 
> try putting abuse at our_domain in the spam.bydomain/whitelist/our_domain 
> file and it still didn't get white listed.  It only started working 
> when I added the...
>
> return 1 if $BlackWhite->{'default'}{$to};
>
> ...line of code to the function.
But the files are all users/domains/default recipients. Each line in a 
file gives an entry for the sender going to the user/domain/default 
specified by the filename.
>
>
>>>
>>> I'm not aware of this functionality besides the SQL custom functions 
>>> (see below), but it very much looks like "spam.bydomain" will be 
>>> getting used for the To domain. So, it's intended not to be used for 
>>> single to addresses.
>>>   
>> It is in CustomConfig.pm and has been for a very long time. I should 
>> move it out into a separate file in the CustomFunctions directory 
>> some time, but I'm not sure what might break on current installations 
>> if I do that...
> I understand.... don't do that.  :)
>
>>>   However, when someone sends a spam report to our abuse address it 
>>>> gets flagged as spam and gets deleted.  I'm not sure if this is a 
>>>> bug or not.  Perhaps this facility was designed only for the 
>>>> "From:" address and not the "To:" address.
>>>>     
>>>
>>> It was designed for the To *and* the From address.
>> It works for the envelope sender (From) and the first envelope 
>> recipient (To).
>
> Well it doesn't work for me unless I modify the code as indicated in 
> my original post.  In my case abuse at our_domain is the only recipient.  
> Looking at the code I don't see a check for the "To:" address in the 
> default file.  I see a test for $from, $fromdomain, and $ip.  I don't 
> see a check for $to.  That's why I added the line of code.
There isn't the $to check as the filenames are named after the recipient 
users/domains/default. The contents of each file lists the senders that 
are black/whitelisted for the addresses described by the filename.
>
>
>>>> return 1 if $BlackWhite->{'default'}{$from};  return 1 if 
>>>> $BlackWhite->{'default'}{$fromdomain};  return 1 if 
>>>> $BlackWhite->{'default'}{$ip};
>>>>     
>>>
>>> "default" is actually the wildcard for "To: *"
>>>   
>> The Black and White list stuff can't handle wildcards in addresses or 
>> domains. That's what makes it so fast on large installations. It 
>> doesn't have to evaluate any regular expressions as it traverses a 
>> large set of rules. It just has to do a few hash table lookups which 
>> work like lightning in Perl. The speed of this code basically doesn't 
>> change whether you have 5 entries or 500,000 entries.
>>
> I'm the one who originally asked for you to add the default check.  
> That file is used when there is no match for the 'domain' file.  That 
> is, either the 'domain' file doesn't exist (as in this case) or the 
> address didn't match an entry in the 'domain' file.
>
> I don't really understand the $BlackWhite data structure.  It doesn't 
> look like it checks the $to address and it doesn't work for me unless 
> I add the line of code...
>
> return 1 if $BlackWhite->{'default'}{$to};
>
> So, either it's broken or it wasn't supposed to handle the $to address.
See my comments above.
>
> Thanks,
> Riichard
>

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.



More information about the MailScanner mailing list