Whitelisting.

Richard Mealing richard at fastnet.co.uk
Fri Sep 11 13:16:19 IST 2009


Hello everyone,

 

I have had some strangeness happening on our whitelists per domain. A
few weeks ago I turned this on (from a global list) and it's been
working great. Unfortunately I've just seen this - 

 

Sep 10 09:15:53 mailfilter7 sm-mta-in[14176]: n8A8FpvA014176:
from=<geoff.**@example1.co.uk>, size=92755, class=0, nrcpts=2,
msgid=<200909100815.n8A8FpvA014176 at mailfilter7.**>, proto=ESMTP,
daemon=IPv4, relay=adsl-** [**] (may be forged)

Sep 10 09:15:53 mailfilter7 sm-mta-in[14176]: n8A8FpvA014176:
to=<spares at example2.com>, delay=00:00:01, mailer=esmtp, pri=152755,
stat=queued

Sep 10 09:15:53 mailfilter7 sm-mta-in[14176]: n8A8FpvA014176:
to=<joe.tavani at example1.co.uk>, delay=00:00:01, mailer=esmtp,
pri=152755, stat=queued

Sep 10 09:15:54 mailfilter7 MailScanner[83390]: Message n8A8FpvA014176
from ** (geoff.***@example1.co.uk) to example1.co.uk,example2.com is
spam, SpamAssassin (not cached, score=6.561, required 3.5,
autolearn=disabled, DYN_RDNS_AND_INLINE_IMAGE 0.00, EXTRA_MPART_TYPE
1.00, HTML_IMAGE_ONLY_12 2.25, HTML_IMAGE_RATIO_02 0.55, HTML_MESSAGE
0.00, MIME_BOUND_EQ_REL 0.84, MIME_QP_LONG_LINE 1.82, RDNS_DYNAMIC 0.10)

Sep 10 09:15:57 mailfilter7 MailScanner[83390]: Spam Actions: message
n8A8FpvA014176 actions are spam at example1.co.uk,forward

Sep 10 09:15:58 mailfilter7 sendmail[14377]: n8A8FpvA014176:
to=<spam at example1.co.uk>, delay=00:00:06, xdelay=00:00:00, mailer=esmtp,
pri=242755, relay=mail.example1.co.uk. [****], dsn=2.0.0, stat=Sent
(n8A8FvcY083874 Message accepted for delivery)

 

 

My whitelist - 

 

grep example1
/**/customer_rulesets/spam.bydomain/whitelist/example1.co.uk

*@example1.co.uk

 

(I've replaced some things but you get the point..)

 

Basically, most of the time this works great, some of the time I see
stuff getting through, not being whitelisted etc. When I grep for
whitelist in the maillog it shows as stopping and starting all the time.
For example here is the period that mailscanner should have found the
whitelist entry - 

 

Sep 11 09:15:39 mailfilter7 MailScanner[44048]: Closing down by-domain
spam whitelist

Sep 11 09:15:40 mailfilter7 MailScanner[40706]: Starting up by-domain
spam whitelist, reading from
/**/customer_rulesets/spam.bydomain/whitelist

Sep 11 09:15:46 mailfilter7 MailScanner[66736]: Message n8B8Feab040736
from 15***** (craig.**@**.com) is whitelisted

Sep 11 09:15:53 mailfilter7 MailScanner[40706]: Read whitelist for 1165
domains

Sep 11 09:16:13 mailfilter7 MailScanner[59788]: Message n8B8G8Oo041572
from *** (havant@**.co.uk) is whitelisted

Sep 11 09:16:27 mailfilter7 MailScanner[36105]: Message n8B8GLKM042076
from *** (yourmessages@**.co.uk) is whitelisted

 

I've been searching and this whitelist works usually for my entry, I can
see other email addresses being white listed fine from the same domain.
This leaves me to believe it's something to do with the stopping and
starting of the by-domain spam white list.? 

Does anyone else see this in their logs? 

 

 

 

Rich

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090911/6d2133bf/attachment.html


More information about the MailScanner mailing list