Whitelist and disarming

Glenn Steen glenn.steen at gmail.com
Tue Nov 17 11:30:23 GMT 2009


2009/11/17 Ralph Bornefeld-Ettmann <ilikeuce at bornefeld-ettmann.de>:
> Laszlo Nagy wrote:
>>
>>  Hi All,
>>
>> I would like to have Mailscanner not change some emails in any way. I
>> have added the source email address to whitelist.rules:
>>
>> # pwd
>> /usr/local/etc/MailScanner/rules
>> # grep @ spam.whitelist.rules
>> From:    *@some_domain.com    yes
>>
>>
>> My problem is that these emails are disarmed. Their subject and content are
>> changed. It is a big problem because these emails contain product stock info
>> updates from our partner, and we have programs that process these emails.
>> However, they cannot process the disarmed emails. I was looking at the
>> documentation but I could not find a way to do this. E.g. configure
>> mailscanner so that mails from "*@some_domain.com" are not disarmed,
>> subject, headers and body not changed. It would be ideal to run virus
>> scanning and spam filtering at the same time (and quarantine spam/virus
>> emails). How can I do this?
>>
>> My system is FreeBSD 7 amd64. Mailscanner version is 4.78.9
>>
>> Thanks,
>>
>>  Laszlo
>>
>
> I would handle it slightly differently:
>
> create /etc/MailScanner/rules/disarm.rules :
>
> From:   *@some_domain.com       yes
> FromOrTo:       default         disarm
>
> replace "disarm" in /etc/MailScanner/MailScanner.conf with
> "%rules-dir%/disarm.rules" where "disarm" is set (e.g. Allow IFrame Tags,
> Allow Form Tags ....)
>
> restart MailScanner
>
> So mail is getting scanned and spam and viruses will be detected but header
> and body will not get disarmed.
>
> HTH
>
> Cheers
> Ralph
>
A couple of notes:
- Let's be clear about why adding the stanza to spam.whitelist.rules
didn't work... It is only concerned with spam handling, not any other
(dangerous content) scanning at all... Hence the need for something
like what Ralph suggests.

- Use the sending server's IP address instead of a domain glob
pattern... Relying on something that is easily forgeable (iow spoofable)
is not good. You should be able to find out which IPs are used and use
that for your whitelist.

- It isn't the brightest idea possible to build an automated system
like that, depending/relying on something that is inherently not that
reliable...;-). Although all messages are guaranteed to be handled,
either by a delivery or a rejection (leading to some type of
bounce/NDN/DSN/whatever), you have no guarantees about _when_ it will
happen. "Within the next few days" might not be good enough;-). If it
is something like index pricing information (MSCI has been known to
use this), it is a really _bad_ idea, since the info is likely not
that ... valid... after a few days' delay. "Ok", you might be thinking,
"We'll solve it by setting 'High Priority', so it is guaranteed to go
through fast..." -> Nope. Only thing that does is to make it fail/give
up faster (and decorate your mail with a ghastly exclamation mark, or
similar). So that would only aggravate any problem, not solve it.
We've had this type of setup and are moving away from it as fast as
possible... To more sane things like FTP or, even better, SFTP.

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
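
An added illustration of the point about forgeable sender addresses, not part of the original message and not MailScanner's own code: a simplified first-match model of a ruleset like the disarm.rules quoted above, comparing the domain glob with a rule keyed on the sending IP. The address 192.0.2.10 and the sample messages are constructed placeholders; "yes" means the content is passed through without being disarmed.

```python
import fnmatch
import ipaddress

# Constructed rulesets in the style of the disarm.rules quoted above.
# 192.0.2.10 is a placeholder (documentation range) for the partner's server.
GLOB_RULES = """
From:      *@some_domain.com   yes
FromOrTo:  default             disarm
"""
IP_RULES = """
From:      192.0.2.10          yes
FromOrTo:  default             disarm
"""

def parse(text):
    """Turn ruleset text into (direction, pattern, value) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            direction, pattern, value = line.split(None, 2)
            rules.append((direction.rstrip(":").lower(), pattern, value))
    return rules

def matches(pattern, address, client_ip):
    """An IP pattern is compared with the connecting IP, anything else is an address glob."""
    try:
        wanted = ipaddress.ip_address(pattern)
    except ValueError:
        return fnmatch.fnmatchcase(address.lower(), pattern.lower())
    return client_ip is not None and ipaddress.ip_address(client_ip) == wanted

def evaluate(text, sender, recipient, client_ip):
    """Return the value of the first matching rule, else the 'default' rule's value."""
    default = None
    for direction, pattern, value in parse(text):
        if pattern == "default":
            default = value
        elif (direction in ("from", "fromorto") and matches(pattern, sender, client_ip)) or \
             (direction in ("to", "fromorto") and matches(pattern, recipient, None)):
            return value
    return default

# Constructed messages: (envelope sender, recipient, connecting IP)
GENUINE = ("stock@some_domain.com", "orders@example.net", "192.0.2.10")
FORGED = ("stock@some_domain.com", "orders@example.net", "203.0.113.77")

if __name__ == "__main__":
    for name, msg in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, "glob:", evaluate(GLOB_RULES, *msg), "ip:", evaluate(IP_RULES, *msg))
```

With the glob rule both messages come back "yes", so a message that merely claims the partner's address skips disarming; with the IP rule only the message from the listed server does.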

