Page 1 of 2

spam.whitelist.rules changes wiped out

Posted: 13 Feb 2019, 02:46
by barrysmoke
Where do the spam.whitelist.rules get built from, and how can I make my changes permanent? I've checked every domain/whm user's cpanel mailscanner whitelist settings, so I know the rules are not coming from the user whitelists.

I thought it might be the cron job rebuilding the spam.whitelist.rules file, but I commented it out, and my changes stayed in place until I went to the front end, mailcontrol, and whitelisted another address...and the file got rebuilt.. there are a lot of old entries popping in when its rebuilt,, so I have to fix this.
Thanks for your help

Re: spam.whitelist.rules changes wiped out

Posted: 24 Apr 2019, 04:22
by ashburtononline
I have this exact same issue ....

any changes I make to /usr/mailscanner/etc/rules/spam.whitelist.rules or to /usr/mailscanner/etc/rules/spam.blacklist.rules are deleted after a time .... sometimes a few hours and sometimes a day or two?

Please help someone?

Re: spam.whitelist.rules changes wiped out

Posted: 24 Apr 2019, 05:13
by ashburtononline
I'm deleting some lines and adding in ..

To: *@* and From: *@*.art yes
To: *@* and From: *@*.icu yes

after a time, the deleted lines return and the added lines are removed?

Re: spam.whitelist.rules changes wiped out

Posted: 25 Apr 2019, 17:22
by dohm
I'm having pretty much the same issue.

I analyzed the script msbe.pl ( in /usr/mscpanel ) and found that the whitelist is based on a pre-made whitelist found in /usr/mscpanel/spam.whitelist.rules

I haven't found where this base list is created but according to the creation date, it's populated from cpanel's localdomains list whenever an account is added / removed and probably when an account's MSFE settings are changed.

In my case, I struggle with spam from user's own domain. For some reason, it's been decided that every incoming mail claiming to come from a local domain should be whitelisted so the spam comes in however high the spam score is.

I tried to set "no" in spam.whitetelist.rules with no luck because it's being rewritten once in a while. I tried by modifying that base list I've found. Will post back with results here.

In your case, you should try editing the list via the UI (in WHM, plugins -> ConfigServer MailScanner Front-End -> Front-End Settings button and add your custom rules.

Re: spam.whitelist.rules changes wiped out

Posted: 26 Apr 2019, 00:48
by ashburtononline
Thank You dohm. I had discovered that the changes tried above stayed correct until I either whitelisted or blacklisted a domain. This then caused the file to be regenerated from the list in WHM, plugins -> ConfigServer MailScanner Front-End -> Front-End Settings button and add your custom rules..

I have added my rules in there and all is good!

Thanks again :)

Re: spam.whitelist.rules changes wiped out

Posted: 10 Jun 2019, 21:28
by barrysmoke
dohm, that is exactly what is happening to us. spam coming in on the domain, which is whitelisted if processed with the whitelisted domain deleted, gets marked as spam properly. but any time we change a rule, or if a couple of days go by, the whitelisted domains come back. I think whitelisting the domains needs to go away. since I'm not adding rules, editing front-end settings button doesn't help us.
any reccomendations?

Re: spam.whitelist.rules changes wiped out

Posted: 02 Dec 2021, 20:36
by barrysmoke
we moved away from configserver fe because of this, but we don't like the new solution either. is this still an issue, or has it been fixed?
I could see how whitelisting localdomains made sense years ago, but is completely wrong today. We'd like to move back to configserver fe if its been fixed.

Re: spam.whitelist.rules changes wiped out

Posted: 02 Dec 2021, 21:58
by Sarah
I'm not sure what exactly you are asking about. The MailScanner Front-End never automatically whitelisted local domains, and we never recommended manually doing this. If there were local domains in the whitelist in /usr/mailscanner/etc/rules/spam.whitelist.rules, then they must have been added either via the WHM MSFE plugin or via the user cPanel MSFE.

Re: spam.whitelist.rules changes wiped out

Posted: 02 Dec 2021, 22:08
by barrysmoke
right, that is what this thread is about, it was a bug where something automated in whm/cpanel would re-write changes made to the spam.whitelist.rules file. Even if you went to fix the problem, the file would re-generate with the localdomains whitelisted. dohm had found msbe.pl in /usr/mscpanel using /usr/mscpanel/spam.whitelist.rules as the base, but couldn't figure out where that file came from. it was the one being used to re-generate the /usr/mailscanner/etc/rules/spam.whitelist.rules wiping out any changes made. he reccomended a workaround:
'try editing the list via the UI (in WHM, plugins -> ConfigServer MailScanner Front-End -> Front-End Settings button and add your custom rules'
that made changes stick, but in my case, I was trying to remove the cpanel generated localdomains added to the whitelist, and any time I would delete them, they would be back from hours, to days....from this autogenerated base file.

Re: spam.whitelist.rules changes wiped out

Posted: 02 Dec 2021, 22:22
by Sarah
The rules files in general are not designed to manually edited. They WILL be overwritten by settings in the WHM MSFE plugin or the user cPanel MSFE plugin. I can only guess that is what was happening. But I have no idea why you were seeing localdomains added to the WHITELIST file. I assume you are talking about the domains listed in /etc/localdomains? MSFE does add these domains to other rules files such as spam.action.rules, virus.delivery rules, etc. so that the default rule is applied to all domains on the server, but definitely not to spam.whitelist.rules. I don't recall ever seeing that happening. SInce you still have an MSFE license you could try installing it again and if this exact issue does occur, we would be happy to take a look.