{Disarmed} Confusion regarding whitelisting... (scan.messages.rules vs. spam.whitelist.rules?)

Glenn Steen glenn.steen at gmail.com
Mon Jul 16 23:43:06 IST 2007


On 16/07/07, Rick Tait <rickt at rickt.org> wrote:
> On 7/16/07, Julian Field <MailScanner at ecs.soton.ac.uk> wrote:
>
>
> Julian -- I appreciate your response sir!
>
> > > I am trying to make sure that certain emails are NOT spam-checked (
> > > It is my understanding that I can use the "Scan
> > > Messages" directive for this.
> > If you use that, it will not virus-scan them either. If you just want to
> > stop spam checks, use "Spam Checks" for doing this.
>
> Understood, thank you for the clarification. I will definitely move back to
> using Spam Checks for the whitelisting.
>
> > Check that the envelope sender address is really where the message is
> > claiming to come from, for starters.
>
> Yes, I already have done that -- I should have mentioned that in my initial
> post to the list. It's definitely a legit email/sender. Here are the
> relevant headers:
>
> --- snip ---
> From: Info List < jeffgund at infolist.com>
> X-MailScanner: CLEAN
> X-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
>      score=6.958, required 4.8, BAYES_50 2.50, HTML_30_40 0.37,
>       HTML_MESSAGE 0.00, HTML_MIME_NO_HTML_TAG 1.08, MIME_HTML_ONLY 0.00,
>      UNPARSEABLE_RELAY 3.00)
> X-MailScanner-SpamScore: ssssss
> X-MailScanner-From: root at www.infolist.com
> --- snip ---
>
> So that definitely does seem legit. And bear in mind what I have in my
> whitelist file:
>
> --- snip ---
> From: jeffgund at infolist.com  no
> ToOrFrom: default yes
> --- snip ---
>
> I'm stumped! By the way, this issue (whitelisting not working) does not seem
> to be isolated to just this remote user. It does not appear to be working in
> general. Everything else is working beautifully.
>
> Thanks so much for your help in advance!
>
> -Rick.
>
Maillog is where you might see that the sender really is what you
think it is (as pointed out by Peter, the From: has no bearing on
anything real... Envelope sender is also very easily spoofed, but the
From: could contain just about anything... or nothing:)... And when
doing this type of "whitelisting", keep in mind that there are a few
different things you might want to whitelist as well, to reach
different results (filename/filetype, phishing ... ) and that how to do
that might differ...

Also, using _only_ the envelope sender (which is very easily spoofed)
for whitelisting is generally not a good idea... Using the sending IP
address is much better, but perhaps harder to obtain/maintain... And
you will have to split multi-recipient mails into one mail/recipient,
to be sure that your whitelists really work as you expect them. Look
in the wiki how to do that.

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
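
Added example, not part of the original message and not MailScanner's own code: a simplified model of a first-match "Spam Checks" ruleset, showing what a sender rule keyed to the header From: address, the envelope sender, or the sending IP actually matches. The matching semantics, the addresses and the IPs are assumptions constructed for illustration.

```python
import fnmatch
import ipaddress

def parse_rules(text):
    """Parse 'Direction: pattern value' lines, skipping blanks and # comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            direction, pattern, value = line.split(None, 2)
            rules.append((direction.rstrip(":").lower(), pattern.lower(), value.strip()))
    return rules

def matches(pattern, envelope_from, client_ip):
    """Model assumption: a pattern is 'default', an IP/CIDR, or an address glob."""
    if pattern == "default":
        return True
    try:
        net = ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return fnmatch.fnmatchcase(envelope_from.lower(), pattern)
    return ipaddress.ip_address(client_ip) in net

def spam_checks(rules, envelope_from, client_ip):
    """First matching rule wins. The header From: is never an input here."""
    for _direction, pattern, value in rules:  # direction ignored: sender side only
        if matches(pattern, envelope_from, client_ip):
            return value
    return "yes"

# Constructed sample data (documentation domains and address ranges).
ENVELOPE_FROM = "root@www.lists.example"   # what the MTA logs as the sender
RELAY_IP = "192.0.2.25"                    # the list server's real address
OTHER_IP = "203.0.113.77"                  # some unrelated host
DEFAULT = "FromOrTo: default yes\n"
BY_HEADER = parse_rules("From: jeff@lists.example no\n" + DEFAULT)  # header From: address
BY_ENVELOPE = parse_rules("From: root@www.lists.example no\n" + DEFAULT)
BY_IP = parse_rules("From: 192.0.2.25 no\n" + DEFAULT)

if __name__ == "__main__":
    for name, rules in (("header", BY_HEADER), ("envelope", BY_ENVELOPE), ("ip", BY_IP)):
        for ip in (RELAY_IP, OTHER_IP):
            print(name, ip, "Spam Checks =", spam_checks(rules, ENVELOPE_FROM, ip))
```

In this model the header-address rule never fires, the envelope-sender rule fires for any host that presents that sender, and only the IP rule is tied to the relay itself.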

