New feature - hostname lookups in rulesets

Julian Field MailScanner at
Thu Jun 4 21:52:12 IST 2009

Hash: SHA1

On 04/06/2009 21:39, Mike M wrote:
> Julian Field wrote:
>> Hash: SHA1
>> On 02/06/2009 17:59, Mike M wrote:
>>> Julian Field wrote:
>>>> Hash: SHA1
>>>> On 31/05/2009 20:41, Alex Neuman wrote:
>>>>> Wow! This means we can whitelist (gasp!) * 
>>>>> <> and things like that!
>>>> You'll just need to do
>>>>      From: yes
>>>> which will do the job.
>>>>> I suggest you add to the description on the comments on the 
>>>>> MailScanner.conf file that it's imperative - for performance 
>>>>> reasons, besides the fact that it's A Good Idea (tm), that people 
>>>>> run their own local caching nameserver.
>>>> True enough, I should do that.
>>> Please forgive my ignorance on this, because I'm sure there's 
>>> something really simple that I'm missing, but how is this any 
>>> different then whitelisting with a line such as:
>>> from:    yes
>>> which I have been doing for many years in my spam.whitelist.rules file?
>> That uses the "email sender address" which is trivially forgeable by 
>> the sender. It is the email address that the sender claims they are 
>> coming from. They may have their Crackberry set up to send their mail 
>> from joe at, in which case your rule wouldn't fire at all.
>> The new "" means "match any email address the 
>> originates from an IP address which belongs to the 
>> domain". That is the same thing as asking "does it come from a 
>> Crackberry?" regardless of how that Crackberry is configured, and is 
>> far harder to forge. It is totally unconnected with the email address 
>> the email claims to come from.
>> But do take note that it takes longer to look up and therefore will 
>> cause a performance hit.
>> Does that help?
>> Jules
> Yes, thank you.   Now the next question is: Are you looking at the 
> envelope sender address, or the header sender address? or both?
MailScanner has always used the envelope addresses, not the headers. The 
envelope recipient address is the only one that is sure to be right.


- -- 
Julian Field MEng CITP CEng
Buy the MailScanner book at
Follow me at

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key:

Version: PGP Desktop 9.10.0 (Build 500)
Comment: Use PGP or Thunderbird Enigmail to verify this message
Charset: ISO-8859-1


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list