New feature - hostname lookups in rulesets
mrm at quantumcc.com
Thu Jun 4 21:39:28 IST 2009
Julian Field wrote:
> On 02/06/2009 17:59, Mike M wrote:
>> Julian Field wrote:
>>> On 31/05/2009 20:41, Alex Neuman wrote:
>>>> Wow! This means we can whitelist (gasp!) *blackberry.com
>>>> <http://blackberry.com> and things like that!
>>> You'll just need to do
>>> From: host:blackberry.com yes
>>> which will do the job.
>>>> I suggest you add to the description on the comments on the
>>>> MailScanner.conf file that it's imperative - for performance
>>>> reasons, besides the fact that it's A Good Idea (tm), that people
>>>> run their own local caching nameserver.
>>> True enough, I should do that.
>> Please forgive my ignorance on this, because I'm sure there's
>> something really simple that I'm missing, but how is this any
>> different than whitelisting blackberry.com with a line such as:
>> from: @blackberry.com yes
>> which I have been doing for many years in my spam.whitelist.rules file?
> That uses the "email sender address" which is trivially forgeable by the
> sender. It is the email address that the sender claims they are coming
> from. They may have their Crackberry set up to send their mail from
> joe at mydomain.com, in which case your rule wouldn't fire at all.
> The new "host:blackberry.com" means "match any email address that
> originates from an IP address which belongs to the blackberry.com
> domain". That is the same thing as asking "does it come from a
> Crackberry?" regardless of how that Crackberry is configured, and is far
> harder to forge. It is totally unconnected with the email address the
> email claims to come from.
> But do take note that it takes longer to look up and therefore will
> cause a performance hit.
> Does that help?
Yes, thank you. Now the next question is: Are you looking at the
envelope sender address, or the header sender address? or both?
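
The difference between the two rule styles discussed above, as an added Python sketch that is not part of the thread and not MailScanner's own code. The function names, the constructed PTR/A tables (documentation IP ranges) and the forward-confirmation step are assumptions of this example; the thread does not say how MailScanner performs the lookup.

```python
import ipaddress

# Constructed DNS data (documentation IP ranges) standing in for a resolver.
PTR = {
    "192.0.2.10": "smtp01.bis.blackberry.com.",
    "198.51.100.7": "mail.blackberry.com.",
    "203.0.113.5": "relay.notblackberry.com.",
}
A = {
    "smtp01.bis.blackberry.com.": {"192.0.2.10"},
    "mail.blackberry.com.": {"192.0.2.20"},   # does not list 198.51.100.7
    "relay.notblackberry.com.": {"203.0.113.5"},
}


def address_rule_matches(claimed_sender, domain):
    """'from: @domain' style: looks only at the address the sender claims."""
    return claimed_sender.lower().rsplit("@", 1)[-1] == domain.lower()


def host_rule_matches(client_ip, domain, ptr=PTR, a=A):
    """'From: host:domain' style: looks at the hostname of the connecting IP."""
    ip = str(ipaddress.ip_address(client_ip))   # rejects malformed input
    name = ptr.get(ip)
    if name is None:                            # no reverse DNS: no match
        return False
    host, domain = name.rstrip(".").lower(), domain.lower()
    # Match on a label boundary so notblackberry.com is not accepted.
    if host != domain and not host.endswith("." + domain):
        return False
    # Assumption of this sketch: require the name to resolve back to the IP.
    return ip in a.get(name, set())


def evaluate(client_ip, claimed_sender, domain="blackberry.com"):
    """Return (address rule fired, host rule fired) for one message."""
    return (address_rule_matches(claimed_sender, domain),
            host_rule_matches(client_ip, domain))


if __name__ == "__main__":
    for ip, sender in [("192.0.2.10", "joe@mydomain.com"),
                       ("203.0.113.5", "ceo@blackberry.com"),
                       ("198.51.100.7", "it@blackberry.com")]:
        print(ip, sender, evaluate(ip, sender))
```

The first sample is the case from the thread: a device sending as joe@mydomain.com misses the address rule but still matches the host rule, while a claimed @blackberry.com sender from an unrelated host matches only the address rule.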