New feature - hostname lookups in rulesets

Mike M mrm at
Thu Jun 4 21:39:28 IST 2009

Julian Field wrote:
> Hash: SHA1
> On 02/06/2009 17:59, Mike M wrote:
>> Julian Field wrote:
>>> Hash: SHA1
>>> On 31/05/2009 20:41, Alex Neuman wrote:
>>>> Wow! This means we can whitelist (gasp!) * 
>>>> <> and things like that!
>>> You'll just need to do
>>>      From: yes
>>> which will do the job.
>>>> I suggest you add to the description on the comments on the 
>>>> MailScanner.conf file that it's imperative - for performance 
>>>> reasons, besides the fact that it's A Good Idea (tm), that people 
>>>> run their own local caching nameserver.
>>> True enough, I should do that.
>> Please forgive my ignorance on this, because I'm sure there's 
>> something really simple that I'm missing, but how is this any 
>> different then whitelisting with a line such as:
>> from:    yes
>> which I have been doing for many years in my spam.whitelist.rules file?
> That uses the "email sender address" which is trivially forgeable by the 
> sender. It is the email address that the sender claims they are coming 
> from. They may have their Crackberry set up to send their mail from 
> joe at, in which case your rule wouldn't fire at all.
> The new "" means "match any email address the 
> originates from an IP address which belongs to the 
> domain". That is the same thing as asking "does it come from a 
> Crackberry?" regardless of how that Crackberry is configured, and is far 
> harder to forge. It is totally unconnected with the email address the 
> email claims to come from.
> But do take note that it takes longer to look up and therefore will 
> cause a performance hit.
> Does that help?
> Jules

Yes, thank you.   Now the next question is: Are you looking at the 
envelope sender address, or the header sender address? or both?


More information about the MailScanner mailing list