sending a virus from mailscanner's domain is undetectedbutincoming mail from either our domain or others is detected

Julian Field mailscanner at ecs.soton.ac.uk
Fri Jun 21 20:33:04 IST 2002 

Can someone summarise that stream of conciousness for me? I can't quite
focus...
May I refer you to Nick Phillips' email of last Thursday with the subject
"Re: mailscanner and maillog".
Don't take it personally, it's not intended to be.

At 20:16 21/06/2002, you wrote:
>Yeah that is interesting, We also have 2 RAQ cobalts.. RAQ4i.. We
>installed joydesk multidomain 2.61 (from virtualtek.com) and the raq got
>all stupid on us after a year or so..JoyDesk even uninstalled from it
>improperly..sad...Slowed the system down real bad.. We decided to upgrade
>joydesk and put it on a red hat standalone machine with 100GB drive,,etc..
>Its very sweet now! especially with mailscanner, spamassassin and webmin..
>tons of horsepower!.. our raq just does DNS and virtual ftp sites for us
>now..hehheee.. Our MX records on the dns have High priority set to the
>server WITH mailscanner and another MX record with Low priority sent to a
>remote email machine without mailscanner.. THIS WILL only takeover our
>mail, if the high priority email machine doesnt answer for a long period
>of time..So I can almost bet that its not going through their system
>giving me these outgoing test results.. The server with Mailscanner is not
>busy at all today.. maillogs are slow..:) thanks to spamassassin ..
>-----Original Message-----
>From: Ray Healy (Data Net Services) [mailto:ray at MATRIX-DATANET.CO.UK]
>Sent: Friday, June 21, 2002 4:06 PM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: sending a virus from mailscanner's domain is
>undetectedbutincoming mail from either our domain or others is detected
>
>I am probably wrong in your situation but I thought I would mention this
>
>I had a similar situation where emails were not being scanned by
>MailScanner when sent through my RAQ but incomming messages where scanned
>OK if sent to my RAQ by someone else.
>
>This was due to the email message being hijacked by the ISP I was
>connecting to and putting the message through their own mail server and
>not mine even though in the properties I had stated the address of my mail
>server.
>I do not know whether this is of any help or am I toytally off track
>
>Ray
>
>
>
>----- Original Message -----
>From: <mailto:mailscanner at ECS.SOTON.AC.UK>Julian Field
>To: <mailto:MAILSCANNER at JISCMAIL.AC.UK>MAILSCANNER at JISCMAIL.AC.UK
>Sent: Friday, June 21, 2002 6:56 PM
>Subject: Re: sending a virus from mailscanner's domain is undetected
>butincoming mail from either our domain or others is detected
>
>At 18:45 21/06/2002, you wrote:
>>Hello,
>>No not on the machine running mailscanner, but outlook 2000 on a
>>workstation sent an email to an outside domain with a virus to test and
>>the outside domain received it with the virus in tact.. Its the test
>>virus you referred me earlier to use.. when I reply (from the outside
>>domain) and its incoming to mailscanner, it will pick it up then. only
>>incoming scanning is taken place not outgoing.
>>Thanks!
>Did it get any X-MailScanner: header at all?
>If not, then it probably didn't go via the MailScanner server.
>If it did, then what did the header say? What is in your mailscanner.conf
>file?
>
>Unless it is told to, MailScanner doesn't care what addresses are in the
>email message.
>>-----Original Message-----
>>From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
>>Sent: Friday, June 21, 2002 2:40 PM
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: Re: sending a virus from mailscanner's domain is undetected
>>butincoming mail from either our domain or others is detected
>>
>>At 17:36 21/06/2002, you wrote:
>> >Sending a virus from mailscanner's domain to another is undetected, but
>> >incoming mail from either our domain or others, is detected.
>> >Is this normal?
>>
>>Did you run the email client program on the machine that is running
>>MailScanner, by any chance? If so, did you make the email program talk SMTP
>>to localhost:25 or did it invoke sendmail directly?
>>
>>MailScanner (when running with sendmail) can only scan mail coming in the
>>SMTP port. There is no way (with sendmail) of scanning mail poked directly
>>at the sendmail binary.
>>--
>>Julian Field Teaching Systems Manager
>>jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
>>Tel. 023 8059 2817 University of Southampton
>>Southampton SO17 1BJ
>
>--
>Julian Field                Teaching Systems Manager
>jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
>Tel. 023 8059 2817          University of Southampton
>                             Southampton SO17 1BJ

--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20020621/9a3c2b36/attachment.html

More information about the MailScanner mailing list