[sanesecurity] Re: winnow false positive

  • From: David B Funk <dbfunk@xxxxxxxxxxxxxxxxxxxxx>
  • To: Robert Schetterer <robert@xxxxxxxxxxxxxx>
  • Date: Thu, 30 Apr 2009 19:50:11 -0500 (CDT)

On Thu, 30 Apr 2009, Robert Schetterer wrote:

> Hi Bill,
> I know this, but thanks for the reminder.
>
> But perhaps you may help me understand this:
>
> # This option specifies a file which contains a list of POSIX regular
> # expressions. Addresses (sent to or from - see below) matching these regexes
> # will not be scanned.  Optionally each line can start with the string "From:"
> # or "To:" (note: no whitespace after the colon) indicating if it is,
> # respectively, the sender or recipient that is to be whitelisted.
> # If the field is missing, "To:" is assumed.
> # Lines starting with #, : or ! are ignored.
> #
> # Default unset (no exclusion applied)
> #Whitelist /etc/whitelisted_addresses
>
> I tried, i.e.
>
> "From:root@xxxxxxxxxxxxxxxx"
> in
> /etc/whitelisted_addresses
>
> It seems not to work, no whitelist logging.
> Perhaps my English is too poor to check what syntax the example means?

The whitelist addresses need to be in sendmail envelope format.
So for example, in my Whitelist file to make sure that messages sent to
the "postmaster" address get thru I have:

 To: <postmaster@xxxxxxxxxxxxxxxxxxxxx>

Note the use of the '<' and '>'

So for your case you could use:  From: <root@xxxxxxxxxxxxxxxx>

But be aware, a virus creator could forge that address and send it to
anybody in your organization. (In my case, they could only hit the
'postmaster' recipient who is clueful enough to not use Windows ;).


-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
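
An added example, not part of the original message or of ClamAV: a small audit of a Whitelist file that parses entries according to the option comment quoted above and flags the two points raised in the reply (envelope `<...>` format, forgeable sender entries). The sample entries and the `example.org` domain are constructed, and the function names are hypothetical.

```python
# Constructed sample whitelist; example.org is a placeholder domain.
SAMPLE = """\
# local exceptions
To:<postmaster@example.org>
From:<root@example.org>
"From:root@example.org"
abuse@example.org
"""

def parse_whitelist(text):
    """Parse entries as the option comment describes: optional From:/To:
    prefix, To: assumed when missing, lines starting with #, : or ! ignored."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw[0] in "#:!":
            continue
        if raw.startswith("From:"):
            direction, pattern = "From", raw[5:]
        elif raw.startswith("To:"):
            direction, pattern = "To", raw[3:]
        else:
            direction, pattern = "To", raw
        entries.append((lineno, direction, pattern))
    return entries

def audit(text):
    """Return (line number, finding) pairs for entries worth a second look."""
    findings = []
    for lineno, direction, pattern in parse_whitelist(text):
        p = pattern.strip()
        if '"' in p:
            # Quote characters become part of the regex itself.
            findings.append((lineno, "literal quote character in pattern"))
        if not ("<" in p and ">" in p):
            # The reply states addresses must be in envelope format.
            findings.append((lineno, "no <...> envelope brackets"))
        if direction == "From":
            # Mail claiming this sender skips scanning for every recipient.
            findings.append((lineno, "sender entry: envelope sender can be forged"))
    return findings

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print(f"line {lineno}: {finding}")
```
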
