Whitelisting problems

Denis Beauchemin Denis.Beauchemin at usherbrooke.ca
Mon Jan 7 14:54:14 GMT 2013 

Gary,

This rule is wrong:
header    FROM_BLACKBERRY       From =~ /\.*\.us\.blackberry\.com/

It should read:
header    FROM_BLACKBERRY       From =~ /\.us\.blackberry\.com/

Rethinking about your rule, I'm not so sure anymore it was wrong because the part I removed \.* would match any number of periods, from zero to infinity. I'm pretty sure you don't have to match the complete from, but if you wanted to you would rewrite your rule this way:
header    FROM_BLACKBERRY       From =~ /.*\.us\.blackberry\.com/

Denis


De : mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] De la part de Gary Faith
Envoyé : 7 janvier 2013 09:13
À : mailscanner at lists.mailscanner.info
Objet : Re: Whitelisting problems

Finally, getting close to figuring this out but I could really use some help here.  I figured out part of the issues was spamassassin was caching data and I had to delete the cache to get it to process the rules for this message.
 
I created these three spamassassin rules:
 
# Rule to find Whitelist Blackberry mail
header    FROM_BLACKBERRY       From =~ /\.*\.us\.blackberry\.com/
score     FROM_BLACKBERRY       -10
describe  FROM_BLACKBERRY       email From blackberry user
header COM_DOMAIN_MAIL From =~ /\.com/i
score COM_DOMAIN_MAIL 0.1
header NET_DOMAIN_MAIL From =~ /\.net/i
score NET_DOMAIN_MAIL 0.1
Here is the problem now.  The meessage is being sent
 
From: srs0=jc450o=la=mydomain.net=gafaith at srs.bis6.us.blackberry.com

and in the Spam report, I get:
 
-0.50
BAYES_00
Bayesian spam probability is 0 to 1%
0.10
NET_DOMAIN_MAIL
 
1.53
RATWARE_EFROM
Bulk email fingerprint (envfrom) found
-0.00
SPF_PASS
SPF: sender matches SPF record
 
It should match the FROM_BLACKBERRY and the COM_DOMAIN_MAIL rule but instead it matches the NET_DOMAIN_MAIL rule.  It looks like it is matching on the first instance of a domain instead of what is after the @ sign.
 
Maybe with this information someone can tell me why it is doing this and what I can do to have it match the us.blackberry.com.
 
Thanks in advance,
 
Gary

More information about the MailScanner mailing list