New feature - hostname lookups in rulesets

Mike M mrm at quantumcc.com
Thu Jun 4 21:39:28 IST 2009


Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> 
> On 02/06/2009 17:59, Mike M wrote:
>> Julian Field wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>>
>>>
>>> On 31/05/2009 20:41, Alex Neuman wrote:
>>>> Wow! This means we can whitelist (gasp!) *blackberry.com 
>>>> <http://blackberry.com> and things like that!
>>> You'll just need to do
>>>      From: host:blackberry.com yes
>>> which will do the job.
>>>> I suggest you add to the description on the comments on the 
>>>> MailScanner.conf file that it's imperative - for performance 
>>>> reasons, besides the fact that it's A Good Idea (tm), that people 
>>>> run their own local caching nameserver.
>>> True enough, I should do that.
>>>
>> Please forgive my ignorance on this, because I'm sure there's 
>> something really simple that I'm missing, but how is this any 
>> different than whitelisting blackberry.com with a line such as:
>>
>> from:    @blackberry.com    yes
>>
>> which I have been doing for many years in my spam.whitelist.rules file?
> That uses the "email sender address" which is trivially forgeable by the 
> sender. It is the email address that the sender claims they are coming 
> from. They may have their Crackberry set up to send their mail from 
> joe at mydomain.com, in which case your rule wouldn't fire at all.
> 
> The new "host:blackberry.com" means "match any email address that 
> originates from an IP address which belongs to the blackberry.com 
> domain". That is the same thing as asking "does it come from a 
> Crackberry?" regardless of how that Crackberry is configured, and is far 
> harder to forge. It is totally unconnected with the email address the 
> email claims to come from.
> 
> But do take note that it takes longer to look up and therefore will 
> cause a performance hit.
> 
> Does that help?
> 
> Jules
> 

Yes, thank you. Now the next question is: Are you looking at the 
envelope sender address, or the header sender address? Or both?

-Mike
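
The difference discussed in this thread, as an added example that is not part of the original messages and not MailScanner's code: a sender-address rule is compared with a hostname rule over a few constructed messages. The IP addresses, hostnames, DNS tables and the forward-confirmation step are assumptions; the thread does not say how MailScanner resolves or verifies names.

```python
import ipaddress

# Constructed DNS data: documentation IP ranges, hypothetical hostnames.
PTR = {
    "192.0.2.10": "mx1.blackberry.com",
    "198.51.100.7": "mail.blackberry.com",   # PTR set by the IP's owner, unconfirmed
    "203.0.113.5": "smtp.example.net",
    "203.0.113.9": "mx.notblackberry.com",
}
A = {
    "mx1.blackberry.com": {"192.0.2.10"},
    "mail.blackberry.com": {"192.0.2.11"},   # forward record points elsewhere
    "smtp.example.net": {"203.0.113.5"},
    "mx.notblackberry.com": {"203.0.113.9"},
}

def from_rule_matches(sender, domain):
    """'From: @domain' style rule: looks only at the claimed sender address."""
    return sender.lower().endswith("@" + domain.lower())

def host_rule_matches(client_ip, domain, confirm_forward=True):
    """'From: host:domain' style rule: looks at the connecting IP's hostname."""
    ip = str(ipaddress.ip_address(client_ip))      # rejects malformed input
    name = PTR.get(ip, "").rstrip(".").lower()
    domain = domain.lower()
    # Match on a label boundary so notblackberry.com is not blackberry.com.
    if name != domain and not name.endswith("." + domain):
        return False
    # Assumed hardening: the name must resolve back to the same IP.
    return not confirm_forward or ip in A.get(name, set())

# Constructed messages: (description, claimed sender, connecting IP).
MESSAGES = [
    ("forged sender", "ceo@blackberry.com", "203.0.113.5"),
    ("device with own address", "joe@mydomain.com", "192.0.2.10"),
    ("unconfirmed PTR", "x@example.org", "198.51.100.7"),
    ("lookalike domain", "y@example.org", "203.0.113.9"),
]

def evaluate(domain="blackberry.com"):
    """Return {description: (from_rule, host_rule, host_rule_without_confirm)}."""
    return {d: (from_rule_matches(s, domain),
                host_rule_matches(ip, domain),
                host_rule_matches(ip, domain, confirm_forward=False))
            for d, s, ip in MESSAGES}

if __name__ == "__main__":
    for desc, result in evaluate().items():
        print(f"{desc:24} from={result[0]} host={result[1]} host_no_fcrdns={result[2]}")
```

The third message shows why a hostname rule used for whitelisting is only as strong as the lookup behind it: a PTR record is published by whoever controls the IP's reverse zone, so a match that is not confirmed by a forward lookup can be claimed by an unrelated host.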


