Reason for whitelisting?

am.lists am.lists at gmail.com
Wed Jul 18 01:27:09 IST 2007


On 7/17/07, Richard D Alloway <ralloway at winbeam.com> wrote:
>
> I am receiving some spam that should be getting flagged or deleted, but is
> being marked as "not spam (whitelisted)" by MailScanner.
>
> When I look at the logs for the offending message, I see things like:
>
> Jul 17 15:49:57 smtp-gateway-4 milter-ahead[2117]: 61096
> l6HJnjqf014254: cacheGet(b411110, 'robjulie at xxxxxxxx', {st=0, cn=1})
> Jul 17 15:49:57 smtp-gateway-4 milter-ahead[2117]: 61096
> l6HJnjqf014254: cacheGet(b411110, 'rockwell at xxxxxxxx', {st=0, cn=1})
> Jul 17 15:49:57 smtp-gateway-4 milter-ahead[2117]: 61096
> l6HJnjqf014254: cacheGet(b411110, 'rome74 at xxxxxxx', {st=0, cn=1})
> Jul 17 15:49:58 smtp-gateway-4 sendmail[14254]:
> l6HJnjqf014254: from=<gadaandstelecommbef at xxxxxxxxxxxxxx>, size=1713,
> class=0, nrcpts=11, msgid=<924405758.55504416941907 at xxxxxxxxxxxxx>,
> proto=ESMTP, daemon=MTA, relay=xxxxxxxxxxxxxxxxxx [xx.xxx.xx.xx] (may
> be forged)
> Jul 17 15:50:23 smtp-gateway-4 MailScanner[10318]: Message l6HJnjqf014254 from
> xx.xxx.xx.xx (gadaandstelecommbef at xxxxxxxxxxxxxx) is whitelisted
> Jul 17 15:50:29 smtp-gateway-4 MailScanner[10318]:
> Message l6HJnjqf014254 from xx.xxx.xx.xx
> (gadaandstelecommbef at xxxxxxxxxxxxxxxxxx) to xxxxxxx is not
> spam (whitelisted),
> SpamAssassin (not cached, score=15.974, required 4, autolearn=spam, BAYES_99
> 8.00, HELO_DYNAMIC_DHCP 1.40, HTML_MESSAGE 0.00, RDNS_DYNAMIC 0.10, URIBL_BLACK
> 3.00, URIBL_JP_SURBL 1.50, URIBL_OB_SURBL 1.50, URIBL_SC_SURBL 0.47)
> Jul 17 15:50:36 smtp-gateway-4 MailScanner[10318]: <A>
> tag found in message l6HJnjqf014254 from gadaandstelecommbef at xxxxxxxxxxxxxxxx
> Jul 17 15:50:37 smtp-gateway-4 sendmail[14848]: l6HJnjqf014254:
> to=<rome74 at xxxxxxxx>,<rockwell at xxxxxxxx>,<robjulie at xxxxxxxx>, delay=00:00:40,
> xdelay=00:00:00, mailer=smtp, pri=421713, relay=mail.xxxxxxxxx
> [xx.xx.xx.xx], dsn=2.0.0, stat=Sent (ok 1184701833 qp 906)
>

Robert,

Did you by chance download/install a pre-configured kit? Some have
pre-defined "known-good" senders pre-populated in a SQL table
somewhere.

Also, the SARE rule 70_sare_whitelist.cf contains several known-goods too.

Perhaps if you shared the final MTA's IP here some of us would be
willing to test for it in our systems as well.

Regds,
Angelo
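
The check below is an added example, not part of the original thread or of MailScanner: it scans MailScanner syslog entries of the kind quoted above and reports every message logged as "not spam (whitelisted)" whose SpamAssassin score met or exceeded the required threshold, which is the symptom described in the question. The sample log lines, addresses and message ids are constructed, and the function name whitelist_overrides is hypothetical.

```python
import re

# Constructed sample lines modelled on the MailScanner syslog format quoted
# above (one entry per line, as syslog writes them); all values are made up.
SAMPLE_LOG = """\
Jul 17 15:50:29 gw MailScanner[10318]: Message l6HJexample01 from 192.0.2.10 (a@example.com) to example.net is not spam (whitelisted), SpamAssassin (not cached, score=15.974, required 4, autolearn=spam, BAYES_99 8.00, URIBL_BLACK 3.00)
Jul 17 15:51:02 gw MailScanner[10318]: Message l6HJexample02 from 192.0.2.11 (b@example.com) to example.net is not spam (whitelisted), SpamAssassin (not cached, score=-1.2, required 4, ALL_TRUSTED -1.80)
Jul 17 15:52:40 gw MailScanner[10318]: Message l6HJexample03 from 192.0.2.12 (c@example.com) to example.net is spam, SpamAssassin (not cached, score=9.1, required 4, BAYES_99 8.00)
"""

# Matches only entries where the whitelist overrode the spam decision.
ENTRY = re.compile(
    r"MailScanner\[\d+\]: Message (?P<id>\S+) from (?P<ip>\S+) "
    r"\((?P<sender>[^)]*)\) to (?P<to>\S+) is not spam \(whitelisted\), "
    r"SpamAssassin \((?P<report>.*)\)\s*$"
)

def whitelist_overrides(log_text):
    """Return whitelisted messages whose SpamAssassin score met the spam threshold."""
    hits = []
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        report = m.group("report")
        score = re.search(r"score=(-?\d+(?:\.\d+)?)", report)
        required = re.search(r"required (-?\d+(?:\.\d+)?)", report)
        if not (score and required):
            continue
        s, r = float(score.group(1)), float(required.group(1))
        if s >= r:
            # Rule names and their points follow the autolearn field, e.g. "BAYES_99 8.00"
            rules = re.findall(r"\b([A-Z][A-Z0-9_]+) (-?\d+\.\d+)", report)
            hits.append({"id": m.group("id"), "ip": m.group("ip"),
                         "sender": m.group("sender"), "score": s, "required": r,
                         "rules": [(n, float(p)) for n, p in rules]})
    return hits

if __name__ == "__main__":
    for h in whitelist_overrides(SAMPLE_LOG):
        print(f"{h['id']} from {h['ip']} ({h['sender']}): "
              f"score {h['score']} >= {h['required']} but whitelisted")
```

The sender address and relay IP of each hit are the values to compare against the whitelist sources mentioned in the reply.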

