mailscanner only sees the envelope TO

Ken Anderson ka at PACIFIC.NET
Wed Jul 16 17:56:27 IST 2003

I've looked at options for using a pop3 proxy with SA, but there's
nothing very mature in this area yet. See Prometo project at sourceforge
if you are interested.

But, I'd like to stay with MS because of it's additional capabilities,
and do this with per user configs for virtual users (no accounts on the
system means no procmail or spamc -u).

I've also wondered about forcing sendmail to break apart a message by
putting another mailserver out front that accepted up to 20 recipients
per message, but did no filtering. It would just relay to the MS boxes
that would only accept 1 recip per message. Wouldn't the sending
mailserver break the messages up into bits for you, or am I
misunderstanding mail delivery?

from MaxRecipientsPerMessage - If set, allow no more than
the specified number of recipients in an SMTP envelope. Further
recipients receive a 452 error code (i.e., they are deferred for the
next delivery attempt).

Ken A.

Stephen Swaney wrote:

> What about a MailScanner option that passes delivery of messages to
> multiple to a recipients to another program, i.e. procmail?
> Steve
> Steve Swaney
> Steve at
>  On Wed, 2003-07-16 at 11:47, Matt Kettler wrote:
>>At 08:30 AM 7/16/2003 -0700, Ken Anderson wrote:
>>>MailScanner only looks at the envelope TO address, so if your mail
>>>server allows messages to have 100 recipients, you have 99 users who
>>>can't control what they perceive to be their own email filtering. :-(
>>>What is the best way to handle this issue?
>>>So far, we've limited the MaxRecipients in to 10.
>>>Users don't send mail out through our MailScanner boxes, so this works
>>>reasonably well, since less than 1% of incoming mail is actually
>>>addressed to more than 1 user.
>>Unfortunately, since there's only one message at the transport layer, only
>>one action can be taken. It's either whitelisted or not.
>>SpamAssassin (a tool used by MailScanner) suffers from the same basic issue
>>whenever it's called at the transport layer. It looks at the body "To:"
>>header (along with some others), and must whitelist if any of the addresses
>>are whitelist addresses.
>>It's unfortunately impossible to magically make one message into many at
>>the MTA layer.. It's an inherent drawback.
>>Of course, you can switch to using tools that scan at the point of delivery
>>instead of transport, however those wind up scanning a message once per
>>recipient, instead of once, which increases overhead. It's kind of a
>>trade-off between flexibility and efficiency.
>>(Those who call SA from the MDA can force per-user preference files by
>>using spamc -u with the name of the actual recipient.)

More information about the MailScanner mailing list