spam score of zero!?!?

kfliong kfliong at WOFS.COM
Tue Sep 23 10:00:06 IST 2003


OK found one,

Sep 23 16:53:41 ensim sendmail[21950]: h8NKrbC21942:
to=<autodelete at mydomain.com>, delay=00:00:04, xdelay=00:00:00,
mailer=virthostmail, pri=125543, relay=mydomain.com, dsn=2.0.0, stat=Sent
(h8NKrfR21955 Message accepted for delivery)

Yes, it seems to have bypassed mailscanner!! What shall I do??

At 09:32 AM 9/23/2003 +0100, you wrote:
>Content-Transfer-Encoding: 7bit
>
>On Tue, 2003-09-23 at 09:13, kfliong wrote:
>
> >I can't just upgrade sendmail because i am using ensim. If you know
> >about
> >ensim then you would know that ensim is very particular about some
> >packages
> >that it use or else it might break the whole system. Currently sendmail
> >seems to be working fine. I won't be upgrading it unless really
> >neccessary.
>
>In my book a remotely exploitable buffer overflow is makes an upgrade
>'really necessary'.  Although, as with any important system I'd
>recommend imaging onto other hardware and performing a test upgrade
>first.
>You may not need to upgrade, there may well be back-ported fixes
>available, especially if you run one of the common distros.
>
> > >Theres no MailScanner headers there, are you sure it went through
> > >MailScanner? Have you got anything whitelisted?
>
> >Yes I do have a couple of whitelist. But that is not it. Those
> >whitelist is
> >working fine. I can see it in mailwatch 0.3.
>
>Are you whitelisting senders?  By IP or domain?  This is, I think, the
>most common way to misconfigure that lets some spam through.
>
> >How do I find out whether sendmail is handling those mails or it's
> >mailscanner? tail maillog?
>
>grep maillog for the message ID (you should see at least two entires,
>one ending in queued and one ending in sent)
>
>
>
>
>
>BMRB International
>http://www.bmrb.co.uk
>+44 (0)20 8566 5000
>_________________________________________________________________
>This message (and any attachment) is intended only for the
>recipient and may contain confidential and/or privileged
>material.  If you have received this in error, please contact the
>sender and delete this message immediately.  Disclosure, copying
>or other action taken in respect of this email or in
>reliance on it is prohibited.  BMRB International Limited
>accepts no liability in relation to any personal emails, or
>content of any email which does not directly relate to our
>business.



More information about the MailScanner mailing list