sending a virus from mailscanner's domain is undetectedbutincoming mail from either our domain or others is detected

Julian Field mailscanner at ecs.soton.ac.uk
Fri Jun 21 20:27:58 IST 2002


At 20:18 21/06/2002, you wrote:
>ps
>HOw the heck could it be hijacked?!! weird

Very easily. Your dialup ISP has a proxy server which redirects all port 25
traffic to their own SMTP server.

FreeServe in the UK do exactly this. It doesn't matter what SMTP server you
configure in your software, you always use theirs, which avoids their tech
support people having to deal with mail relaying problems.

So what do your Received: headers say? What you expect?
>-----Original Message-----
>From: Ray Healy (Data Net Services) [mailto:ray at MATRIX-DATANET.CO.UK]
>Sent: Friday, June 21, 2002 4:06 PM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: sending a virus from mailscanner's domain is
>undetectedbutincoming mail from either our domain or others is detected
>
>I am probably wrong in your situation but I thought I would mention this
>
>I had a similar situation where emails were not being scanned by
>MailScanner when sent through my RAQ but incomming messages where scanned
>OK if sent to my RAQ by someone else.
>
>This was due to the email message being hijacked by the ISP I was
>connecting to and putting the message through their own mail server and
>not mine even though in the properties I had stated the address of my mail
>server.
>I do not know whether this is of any help or am I toytally off track
>
>Ray
>
>
>
>----- Original Message -----
>From: <mailto:mailscanner at ECS.SOTON.AC.UK>Julian Field
>To: <mailto:MAILSCANNER at JISCMAIL.AC.UK>MAILSCANNER at JISCMAIL.AC.UK
>Sent: Friday, June 21, 2002 6:56 PM
>Subject: Re: sending a virus from mailscanner's domain is undetected
>butincoming mail from either our domain or others is detected
>
>At 18:45 21/06/2002, you wrote:
>>Hello,
>>No not on the machine running mailscanner, but outlook 2000 on a
>>workstation sent an email to an outside domain with a virus to test and
>>the outside domain received it with the virus in tact.. Its the test
>>virus you referred me earlier to use.. when I reply (from the outside
>>domain) and its incoming to mailscanner, it will pick it up then. only
>>incoming scanning is taken place not outgoing.
>>Thanks!
>Did it get any X-MailScanner: header at all?
>If not, then it probably didn't go via the MailScanner server.
>If it did, then what did the header say? What is in your mailscanner.conf
>file?
>
>Unless it is told to, MailScanner doesn't care what addresses are in the
>email message.
>>-----Original Message-----
>>From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
>>Sent: Friday, June 21, 2002 2:40 PM
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: Re: sending a virus from mailscanner's domain is undetected
>>butincoming mail from either our domain or others is detected
>>
>>At 17:36 21/06/2002, you wrote:
>> >Sending a virus from mailscanner's domain to another is undetected, but
>> >incoming mail from either our domain or others, is detected.
>> >Is this normal?
>>
>>Did you run the email client program on the machine that is running
>>MailScanner, by any chance? If so, did you make the email program talk SMTP
>>to localhost:25 or did it invoke sendmail directly?
>>
>>MailScanner (when running with sendmail) can only scan mail coming in the
>>SMTP port. There is no way (with sendmail) of scanning mail poked directly
>>at the sendmail binary.
>>--
>>Julian Field Teaching Systems Manager
>>jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
>>Tel. 023 8059 2817 University of Southampton
>>Southampton SO17 1BJ
>
>--
>Julian Field                Teaching Systems Manager
>jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
>Tel. 023 8059 2817          University of Southampton
>                             Southampton SO17 1BJ

--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020621/016a1df1/attachment.html


More information about the MailScanner mailing list