Reason for whitelisting?

Richard D Alloway ralloway at winbeam.com
Thu Jul 19 16:59:28 IST 2007


On 7/18/07, am.lists <am.lists <at> gmail.com> wrote:
>
>On 7/17/07, Richard D Alloway <ralloway <at> winbeam.com> wrote:
>>
>> I am receiving some spam that should be getting flagged or deleted, but is
>> being marked as "not spam (whitelisted)" by MailScanner.
>>
>> When I look at the logs for the offending message, I see things like:
>>
>> Jul 17 15:49:57 smtp-gateway-4 milter-ahead[2117]: 61096
>> l6HJnjqf014254: cacheGet(b411110, 'robjulie <at> xxxxxxxx', {st=0, cn=1})
>> Jul 17 15:49:57 smtp-gateway-4 milter-ahead[2117]: 61096
>> l6HJnjqf014254: cacheGet(b411110, 'rockwell <at> xxxxxxxx', {st=0, cn=1})
>> Jul 17 15:49:57 smtp-gateway-4 milter-ahead[2117]: 61096
>> l6HJnjqf014254: cacheGet(b411110, 'rome74 <at> xxxxxxx', {st=0, cn=1})
>> Jul 17 15:49:58 smtp-gateway-4 sendmail[14254]:
>> l6HJnjqf014254: from=<gadaandstelecommbef <at> xxxxxxxxxxxxxx>, size=1713,
>> class=0, nrcpts=11, msgid=<924405758.55504416941907 <at> xxxxxxxxxxxxx>,
>> proto=ESMTP, daemon=MTA, relay=xxxxxxxxxxxxxxxxxx [xx.xxx.xx.xx] (may
>> be forged)
>> Jul 17 15:50:23 smtp-gateway-4 MailScanner[10318]: Message l6HJnjqf014254 from
>> xx.xxx.xx.xx (gadaandstelecommbef <at> xxxxxxxxxxxxxx) is whitelisted
>> Jul 17 15:50:29 smtp-gateway-4 MailScanner[10318]:
>> Message l6HJnjqf014254 from xx.xxx.xx.xx
>> (gadaandstelecommbef <at> xxxxxxxxxxxxxxxxxx) to xxxxxxx is not
>> spam (whitelisted),
>> SpamAssassin (not cached, score=15.974, required 4, autolearn=spam, BAYES_99
>> 8.00, HELO_DYNAMIC_DHCP 1.40, HTML_MESSAGE 0.00, RDNS_DYNAMIC 0.10, URIBL_BLACK
>> 3.00, URIBL_JP_SURBL 1.50, URIBL_OB_SURBL 1.50, URIBL_SC_SURBL 0.47)
>> Jul 17 15:50:36 smtp-gateway-4 MailScanner[10318]: <A>
>> tag found in message l6HJnjqf014254 from gadaandstelecommbef <at> xxxxxxxxxxxxxxxx
>> Jul 17 15:50:37 smtp-gateway-4 sendmail[14848]: l6HJnjqf014254:
>> to=<rome74 <at> xxxxxxxx>,<rockwell <at> xxxxxxxx>,<robjulie <at> xxxxxxxx>, delay=00:00:40,
>> xdelay=00:00:00, mailer=smtp, pri=421713, relay=mail.xxxxxxxxx
>> [xx.xx.xx.xx], dsn=2.0.0, stat=Sent (ok 1184701833 qp 906)
>>
>
>Robert,
>
>Did you by chance download/install a pre-configured kit? Some have
>pre-defined "known-good" senders pre-populated in a sql table
>somewhere.
>
>Also, the SARE rule 70_sare_whitelist.cf contains several known-goods too.
>
>Perhaps if you shared the final MTA's IP here some of us would be
>willing to test for it in our systems as well.
>
>Regds,
>Angelo

Thanks, Angelo.

This is a "from scratch" MailScanner installation (with custom 
MailScanner rulesets, of course) with Julian's ClamSA, Rules Du Jour and a 
couple of custom SpamAssassin rules.

I do not have 70_sare_whitelist.cf.

The IP for the last MTA (smtp-gateway-4) is 64.84.97.69.

Thanks!

-Rich
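
The following is an added example, not part of the original post or of MailScanner itself: a small log audit that finds every message MailScanner logged as "not spam (whitelisted)" even though its SpamAssassin score met the required threshold, then groups the hits so a common sending IP or recipient domain stands out. The sample log lines are constructed in the format quoted above (unwrapped, with documentation addresses), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the MailScanner syslog format quoted in the post
# (unwrapped; IPs and domains are documentation values, not real senders).
SAMPLE_LOG = """\
Jul 17 15:50:29 gw MailScanner[10318]: Message l6HJnjqf014254 from 192.0.2.10 (a@spam.example) to example.org is not spam (whitelisted), SpamAssassin (not cached, score=15.974, required 4, autolearn=spam, BAYES_99 8.00, URIBL_BLACK 3.00)
Jul 17 15:51:02 gw MailScanner[10318]: Message l6HJp1aa014300 from 198.51.100.7 (b@partner.example) to example.org is not spam (whitelisted), SpamAssassin (cached, score=0.5, required 4, HTML_MESSAGE 0.00)
Jul 17 15:52:40 gw MailScanner[10318]: Message l6HJq2bb014377 from 203.0.113.9 (c@bulk.example) to example.org is spam, SpamAssassin (not cached, score=9.1, required 4, BAYES_99 8.00)
Jul 17 15:53:11 gw MailScanner[10318]: Message l6HJr3cc014401 from 192.0.2.10 (d@spam.example) to example.net is not spam (whitelisted), SpamAssassin (not cached, score=7.2, required 4, URIBL_BLACK 3.00)
"""

# Matches only the "is not spam (whitelisted)" verdict line and pulls out the
# fields a whitelist entry could have matched on, plus score and threshold.
LINE_RE = re.compile(
    r"Message (?P<id>\S+) from (?P<ip>\S+) \((?P<sender>[^)]*)\) "
    r"to (?P<to>\S+) is not spam \(whitelisted\), "
    r"SpamAssassin \(.*?score=(?P<score>-?[\d.]+), required (?P<req>-?[\d.]+)"
)


def whitelist_overrides(log_text):
    """Return whitelisted messages whose score would otherwise mark them spam."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and float(m["score"]) >= float(m["req"]):
            hits.append({"id": m["id"], "ip": m["ip"], "sender": m["sender"],
                         "to": m["to"], "score": float(m["score"])})
    return hits


def group_by(hits, key):
    """Count overrides per value of `key` ('ip', 'sender' or 'to')."""
    return Counter(h[key] for h in hits).most_common()


if __name__ == "__main__":
    overrides = whitelist_overrides(SAMPLE_LOG)
    for key in ("ip", "to", "sender"):
        print(key, group_by(overrides, key))
```

A value that accounts for most of the overrides is the first thing to look for in the whitelist rulesets.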

