New feature - hostname lookups in rulesets

Julian Field MailScanner at
Tue Jun 2 18:46:04 IST 2009

Hash: SHA1

On 02/06/2009 17:59, Mike M wrote:
> Julian Field wrote:
>> Hash: SHA1
>> On 31/05/2009 20:41, Alex Neuman wrote:
>>> Wow! This means we can whitelist (gasp!) * 
>>> <> and things like that!
>> You'll just need to do
>>      From: yes
>> which will do the job.
>>> I suggest you add to the description on the comments on the 
>>> MailScanner.conf file that it's imperative - for performance 
>>> reasons, besides the fact that it's A Good Idea (tm), that people 
>>> run their own local caching nameserver.
>> True enough, I should do that.
> Please forgive my ignorance on this, because I'm sure there's 
> something really simple that I'm missing, but how is this any 
> different then whitelisting with a line such as:
> from:    yes
> which I have been doing for many years in my spam.whitelist.rules file?
That uses the "email sender address" which is trivially forgeable by the 
sender. It is the email address that the sender claims they are coming 
from. They may have their Crackberry set up to send their mail from 
joe at, in which case your rule wouldn't fire at all.

The new "" means "match any email address the 
originates from an IP address which belongs to the 
domain". That is the same thing as asking "does it come from a 
Crackberry?" regardless of how that Crackberry is configured, and is far 
harder to forge. It is totally unconnected with the email address the 
email claims to come from.

But do take note that it takes longer to look up and therefore will 
cause a performance hit.

Does that help?


- -- 
Julian Field MEng CITP CEng
Buy the MailScanner book at
Follow me at

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key:

Version: PGP Desktop 9.10.0 (Build 500)
Comment: Use PGP or Thunderbird Enigmail to verify this message
Charset: ISO-8859-1


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list