<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.0.7">
<TITLE>RE: Whitelisted</TITLE>
</HEAD>
<BODY LINK="#0000ff">
Sorry for the bad formatting in the FAQ. Here is a repeat with hopefully <BR>
better, more understandable formatting
<PRE>
----------------------------------
I have incoming sendmail splitting multiple recipient messages into
multiple messages, so MailScanner and SA only see 1 recip per message.
Here's what I did. If any sendmail gurus out there thing this is a bad
idea, please let me know what a mess I've made of things :-)
1) Start the incoming sendmail with a different config file.
Changes to /etc/rc.d/init.d/MailScanner (from rpm install on redhat)
make this change to the incoming sendmail command line:
------ snip -------
$SENDMAIL -bd -OPrivacyOptions=noetrn \
-ODeliveryMode=queueonly \
-OQueueDirectory=$INQDIR \
-OPidFile=$INPID \
-C/etc/mail/sendmail_in.cf
-------- snip --------
2) Make changes to the new sendmail config:
cp /etc/mail/sendmail /etc/mail/sendmail_in.cf
In sendmail_in.cf, add the following:
The comment header "QUEUE GROUP DEFINITIONS" should be there already.
Just add the single line under it.
------- snip --------
############################
# QUEUE GROUP DEFINITIONS #
############################
Qmqueue, P=/var/spool/mqueue.in, F=f, r=1, R=8, I=2m
------- snip --------
AND, just above the "Ruleset 3" comment header, add the following:
(not sure if both lines are required or not...)
--------- snip --------
# LOCAL_RULESETS
Squeuegroup
R$* @ $* $# mqueue
R$* $# mqueue
############################################
### Ruleset 3 -- Name Canonicalization ###
############################################
--------- snip ----------
Restart sendmail, and things like this start showing up in the log when
messages with multiple recipients come in:
Jul 17 08:14:31 host sendmail[7183]: h6HFDop8007183: split: maxrcpts=1,
rcpts=3, count=2, ids=h6HFDop9007183; h6HFDopA007183
So now MailScanner only sees 1 recipipient per message and rulesets only apply
to the user they are supposed to apply to. Cool, huh?
Thanks for all the suggestions!
Ken A
Pacific.Net
-----------------------------------------------
Steve
Steve@Swaney.com
</PRE>
<BR>
<BR>
<BR>
<BR>
On Thu, 2003-07-24 at 10:52, Steve Douglas wrote:
<BLOCKQUOTE TYPE=CITE>
<FONT COLOR="#000080" SIZE="2"><I>I am even more confused. As my eyes glaze over. </FONT><BR>
<FONT COLOR="#737373"></FONT><BR>
<FONT COLOR="#000080" SIZE="3"> </FONT><BR>
<FONT COLOR="#737373"><BR>
</FONT><BR>
<FONT COLOR="#737373" SIZE="2">-----Original Message-----<BR>
<B>From:</B> Stephen Swaney [mailto:Steve@swaney.com] <BR>
<B>Sent:</B> Tuesday, July 22, 2003 3:38 PM<BR>
<B>To:</B> MAILSCANNER@JISCMAIL.AC.UK<BR>
<B>Subject:</B> Re: Whitelisted</FONT><BR>
<FONT COLOR="#737373"></FONT><BR>
<FONT COLOR="#737373" SIZE="3"> </FONT><BR>
<FONT COLOR="#737373"></FONT><BR>
<FONT COLOR="#737373" SIZE="3">Actually I placed Ken A, Pacific.Net's excellent solution for this in the MailScanner FAQ.<BR>
<BR>
</FONT><BR>
<A HREF="http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/169.html"><FONT SIZE="3"><U>http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/169.html</U></FONT></A><BR>
<FONT COLOR="#737373" SIZE="3"><BR>
How easy can it get.<BR>
<BR>
Steve<BR>
Steve Swaney<BR>
steve@swaney.com<BR>
<BR>
On Tue, 2003-07-22 at </FONT><FONT COLOR="#737373">16:19, Derek Winkler wrote: <BR>
</FONT><BR>
<FONT COLOR="#737373" SIZE="2">See earlier thread on splitting messages with multiple recipients into messages with one recipient each as a workaround.</FONT><BR>
<FONT COLOR="#737373"></FONT><BR>
<FONT COLOR="#737373" SIZE="2">-----Original Message-----<BR>
From: Matt Kettler [</FONT><A HREF="mailto:mkettler@EVI-INC.COM"><FONT SIZE="2"><U>mailto:mkettler@EVI-INC.COM</U></FONT></A><FONT COLOR="#737373" SIZE="2">]<BR>
Sent: Tuesday, July 22, 2003 4:16 PM<BR>
To: MAILSCANNER@jiscmail.ac.uk<BR>
Subject: Re: Whitelisted</FONT><BR>
<FONT COLOR="#737373"><BR>
</FONT><BR>
<FONT COLOR="#737373" SIZE="2">At 12:00 PM 7/22/2003 -0600, Dustin Baer wrote:<BR>
> > Dustin,<BR>
> > Maybe that is where my misunderstanding is. I thought, that would turn off<BR>
> > spam filtering for that user only. Does that say anything addressed to<BR>
> that<BR>
> > user and anyone else, will go through?<BR>
><BR>
>Hi Kris,<BR>
><BR>
>As far as I understand MailScanner's whitelisting, if one recipient is<BR>
>in the whitelist, all recipients receive the message. I have run into<BR>
>your situation also, and refuse to whitelist recipient names here, if I<BR>
>see that they receive a high volume of spam. I don't want other people<BR>
>getting spam, just because they want their name whitelisted.<BR>
><BR>
>I am sure someone will correct me, if I have mis-stated how MailScanner<BR>
>operates its whitelist.</FONT><BR>
<FONT COLOR="#737373"></FONT><BR>
<FONT COLOR="#737373" SIZE="2">That is correct. And this "problem" is a fundamental limit of running at<BR>
the MTA layer. It's not a bug, or a mistake, it's a design tradeoff between<BR>
flexibility and efficiency.</FONT><BR>
<FONT COLOR="#737373"></FONT><BR>
<FONT COLOR="#737373" SIZE="2">Mailscanner runs at the MTA layer, not the MDA layer, so there is not one<BR>
copy of the message per user when MS sees it.. there's just one message<BR>
with many recipients. Thus MailScanner can only whitelist that one message,<BR>
or not whitelist it. There is no such thing as "well, later when you go to<BR>
deliver this, give these guys this copy, and that guy this other version".<BR>
It's one message, and they'll all get the same message, all MailScanner can<BR>
do is edit it.</FONT><BR>
<FONT COLOR="#737373"></FONT><BR>
<FONT COLOR="#737373" SIZE="2">Running at the MTA layer is much more efficient, because you only scan the<BR>
message once, but it inherently has limits on "per user" customization. The<BR>
MTA layer is the ideal spot to do virus scanning, because you rarely want<BR>
user-specific behaviors for virus scanning. However doing spam scanning at<BR>
the MTA layer is somewhat limiting if you've got users that need "exceptions".</FONT><BR>
<FONT COLOR="#737373"></FONT><BR>
<FONT COLOR="#737373" SIZE="2">Personally I deal with it by creating custom SpamAssassin rules instead of<BR>
whitelists. This gives me the ability to target specific kinds of messages,<BR>
rather than specific sources or destinations. If I have to do a whitelist,<BR>
I try to make it a "fromto" type whitelist where it winds up narrowly<BR>
defined. I never use To: type whitelists, and I avoid simple From:<BR>
whitelists as well.</FONT><BR>
<FONT COLOR="#737373"><BR>
</I></FONT><BR>
</BLOCKQUOTE>
</BODY>
</HTML>