Mailscanner blacklist not working

Discuss the ConfigServer MailScanner Front-End script
Post Reply
iflexi
Junior Member
Posts: 1
Joined: 10 Mar 2016, 13:33

Mailscanner blacklist not working

Post by iflexi »

Hi.
I hired configserver install service for all the scripts, including Mailscanner, a few months ago, but I just realized that the spam blacklisting is not working.

What I tested with several accounts and mail providers and confirmed was:
- If I insert an email address or a domain (using the proper syntax) in the "Mailscanner Front-End > Server Spam Blacklist" textarea, they are added to the proper spam.blacklist.rules file.
- The same happens if I do it using the user frontend.
- BUT, the emails don't get blacklisted and I receive them anyway. In mailwatch, there is no reference to the "blacklisting" of these emails/domains and they get processed by everything else as usual (Bayes, DKIM, etc).
- If I go to the mailscanner sql table and add the email address in the from_address field of the blacklist table, then the emails start to get blacklisted on mailwatch (labeled "blacklisted" with no subsequent processing) and I don't receive them.
- The whitelisting seems to be working fine, both at the server and at the user level.

Conclusion, the blacklisting doesn't work for the file-based lists, but works for the sql-based lists.

This would be fine if:
- I could add domains to the sql blacklist table: which is not allowed.
- The users blacklist front-end would write to the sql table: which it doesn't.

Anyone else can confirm if their blacklist files (both at server and user level) are working properly?

What could I change/check to make blacklisting work?

Thanks for your help.
cacookejr
Junior Member
Posts: 1
Joined: 11 Apr 2017, 19:59

Re: Mailscanner blacklist not working

Post by cacookejr »

I am having the exact same problem.
Has there been any fix or workaround for this?
Sergio
Junior Member
Posts: 1714
Joined: 12 Dec 2006, 14:56

Re: Mailscanner blacklist not working

Post by Sergio »

Try to do a MailScanner Lint Test:
- Go to MailControl
- Open Menu
- Select MailScanner Lint Test
- Check for any errors.

Do the same with SpamAssassin Lint Test, both will show you if there is any error.
Also, restart MailScanner and watch the MailLog (Tail MailLog) in there will appear if there is any error with MailScanner.

And at last, as you paid ConfigServer to do this work, you can open a Support Ticket and they will help you out.

Sergio
dvk01
Junior Member
Posts: 80
Joined: 20 Feb 2010, 18:10

Re: Mailscanner blacklist not working

Post by dvk01 »

The problem is that MSFE uses the "envelope from" address for blacklists & not the from address
This is also causing me big problems
If the from & envelope from match then blacklist works but if they are different then only the envelope from address is read from blacklist & blocked

I get emails from name@nastydomain.tld and want to block them ( blacklist ) by using name@nastydomain.tld because the evil scammers & phishers and malware spreaders are using different a different address in envelope from which is the actual address being sent from
so for example in a recent malware campaign the spoofed From: address was always name@nastydomain.tld but the envelope from was about 200 different senders addresses
dvk01
Junior Member
Posts: 80
Joined: 20 Feb 2010, 18:10

Re: Mailscanner blacklist not working

Post by dvk01 »

I also see this with whitelists when a mailing list for example keeps the sender@gooddomain.tld but the envelope from sender is different and frequently something like abc121345@amazonses.com
I especially get this with wanted & needed forum replies from any security companies like Malwarebytes who use invisioncloudcommunity.com to actually send replies & notifications
I don't like whitelisting amazonses but without that being whitelisted many of my users don't receive the messages because they get caught as spam because of content that describes malware & phishing
Sarah
Moderator
Posts: 934
Joined: 09 Dec 2006, 22:49

Re: Mailscanner blacklist not working

Post by Sarah »

To clarify, it is not MSFE (our MailScanner Front-End) that controls what email address is used to determine whether an email is blacklisted or whitelisted; it is MailScanner itself. In any case you can easily find the envelope-from address on any email by looking at the headers, and then you can add the appropriate email address to your blacklist or whitelist.
dvk01
Junior Member
Posts: 80
Joined: 20 Feb 2010, 18:10

Re: Mailscanner blacklist not working

Post by dvk01 »

Thanks
Post Reply