New feature - hostname lookups in rulesets

Julian Field MailScanner at ecs.soton.ac.uk
Tue Jun 2 18:46:04 IST 2009





On 02/06/2009 17:59, Mike M wrote:
> Julian Field wrote:
>> On 31/05/2009 20:41, Alex Neuman wrote:
>>> Wow! This means we can whitelist (gasp!) *blackberry.com 
>>> <http://blackberry.com> and things like that!
>> You'll just need to do
>>      From: host:blackberry.com yes
>> which will do the job.
>>> I suggest you add to the description on the comments on the 
>>> MailScanner.conf file that it's imperative - for performance 
>>> reasons, besides the fact that it's A Good Idea (tm), that people 
>>> run their own local caching nameserver.
>> True enough, I should do that.
>>
>
> Please forgive my ignorance on this, because I'm sure there's 
> something really simple that I'm missing, but how is this any 
> different than whitelisting blackberry.com with a line such as:
>
> from:    @blackberry.com    yes
>
> which I have been doing for many years in my spam.whitelist.rules file?
That uses the "email sender address" which is trivially forgeable by the 
sender. It is the email address that the sender claims they are coming 
from. They may have their Crackberry set up to send their mail from 
joe at mydomain.com, in which case your rule wouldn't fire at all.

The new "host:blackberry.com" means "match any email address that 
originates from an IP address which belongs to the blackberry.com 
domain". That is the same thing as asking "does it come from a 
Crackberry?" regardless of how that Crackberry is configured, and is far 
harder to forge. It is totally unconnected with the email address the 
email claims to come from.

But do take note that it takes longer to look up and therefore will 
cause a performance hit.

Does that help?

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Follow me at twitter.com/JulesFM

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
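
The difference between the two rule styles discussed in this message, as an added example that is not part of the original post and is not MailScanner's code. The DNS tables, IP addresses and host names are constructed, and forward-confirming the PTR name is an assumption of this example (a PTR record is set by whoever controls the IP block); the post does not say how MailScanner resolves the host.

```python
from functools import lru_cache

# Constructed DNS data: documentation IP ranges, hypothetical host names.
PTR = {
    "192.0.2.10": "smtp01.bis.blackberry.com",
    "198.51.100.7": "mail.blackberry.com",   # PTR claimed by the owner of this IP block
    "203.0.113.5": "dsl-5.example.net",
}
A = {
    "smtp01.bis.blackberry.com": {"192.0.2.10"},
    "mail.blackberry.com": {"192.0.2.20"},   # forward lookup does not return 198.51.100.7
    "dsl-5.example.net": {"203.0.113.5"},
}

@lru_cache(maxsize=4096)  # stands in for the local caching nameserver the thread recommends
def client_hostname(ip):
    """Return the PTR name for ip only if that name resolves back to ip."""
    name = PTR.get(ip)
    if name and ip in A.get(name, set()):
        return name.lower().rstrip(".")
    return None

def address_rule(sender, pattern):
    """Old-style 'from: @blackberry.com': matches the address the sender claims."""
    return sender.lower().endswith(pattern.lower())

def host_rule(client_ip, domain):
    """'From: host:blackberry.com' as described: matches the connecting host."""
    name = client_hostname(client_ip)
    domain = domain.lower()
    # Compare on a label boundary so "notblackberry.com" cannot match.
    return name is not None and (name == domain or name.endswith("." + domain))

def evaluate(sender, client_ip):
    """Apply both rule styles to one message (claimed sender, connecting IP)."""
    return {
        "address": address_rule(sender, "@blackberry.com"),
        "host": host_rule(client_ip, "blackberry.com"),
    }

if __name__ == "__main__":
    samples = [
        ("joe@mydomain.com", "192.0.2.10"),    # real device, custom sender address
        ("ceo@blackberry.com", "203.0.113.5"),  # forged sender from an unrelated host
        ("ceo@blackberry.com", "198.51.100.7"), # PTR claims the domain, A record disagrees
    ]
    for sender, ip in samples:
        print(sender, ip, evaluate(sender, ip))
```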


