untagged messages

Leland J. Steinke steinkel at PA.NET
Thu Feb 5 16:11:20 GMT 2004


hermit921 wrote:
> I am still trying to figure out why some messages don't get tagged by
> MailScanner 4-23, postfix 2.  Every email should get tagged with at least
> one MailScanner header, but some don't.
>
> I came up with an idea.  Is this feasible:
> Spammer sets up his client to use our mail server as his smtp
> gateway.  Should work for any message addressed to a user in our domain,
> but he can't send mail outside.  So spammer addresses a message to
> usera at mydomain, with CC or BCC to userb, userc, userd, etc.  Now I get
> fuzzy....
>
> One message appears here, postfix dumps it in the hold queue.  Postfix
> splits it up at the same time, so only the original message gets the
> MailScanner headers.  Since I can't track the original, I can't verify the
> presence of headers.
>
> Am I way off?
>

As I recall, the cleanup daemon is what puts the arriving message into the
hold queue, but it is downstream where the qmgr daemon actually splits
the message up for different destinations via the trivial-rewrite daemon.
See http://www.postfix.org/big-picture.html.

I saw one of these untagged messages this morning.  I was able to track it
through our logs where it did, in fact, get an SA score of 9.7, but there
were no MS headers in the message at all.  This was in the headers that did
make it through:

Message-ID: <X[20

We are researching to see if this would make postfix, MailScanner, or
SpamAssassin choke.  Other than the Message-ID, we saw nothing structurally
pathological with this message.  Did your untagged message have a similar
header?


Leland
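
An added example, not part of the original post: one way to audit delivered messages for the two symptoms discussed in this thread, a missing scanner header and a structurally odd Message-ID. It assumes the scanner's headers contain "MailScanner" in their name (the exact header name is site-configurable, so `marker` is an assumption), and the sample messages are constructed, using only the Message-ID fragment quoted above.

```python
import re
from email import message_from_string
from email.policy import compat32

# Simplified msg-id shape: <left@right>, no whitespace, no stray brackets on the left.
# This is deliberately stricter than a full RFC 5322 grammar.
MSG_ID_RE = re.compile(r"^<[^\s<>@\[\]]+@[^\s<>@]+>$")

def audit_message(raw, marker="mailscanner"):
    """Return a list of findings for one raw message (empty list = nothing odd)."""
    msg = message_from_string(raw, policy=compat32)
    findings = []
    # Any header whose *name* contains the marker counts as "tagged".
    if not any(marker in name.lower() for name in msg.keys()):
        findings.append("no-scanner-header")
    msg_id = msg.get("Message-ID")
    if msg_id is None:
        findings.append("missing-message-id")
    elif not MSG_ID_RE.match(str(msg_id).strip()):
        findings.append("malformed-message-id")
    return findings

def audit_all(named_messages):
    """Map message name -> findings, keeping only messages with findings."""
    report = {}
    for name, raw in named_messages.items():
        findings = audit_message(raw)
        if findings:
            report[name] = findings
    return report

# Constructed sample: tagged message with a well-formed Message-ID.
TAGGED = (
    "From: sender@example.com\nTo: usera@example.com\n"
    "Message-ID: <20040205.1@mail.example.com>\n"
    "X-MailScanner: Found to be clean\nSubject: test\n\nbody\n"
)
# Constructed sample: no scanner header, Message-ID fragment as quoted in the post.
UNTAGGED = (
    "From: sender@example.com\nTo: usera@example.com\n"
    "Message-ID: <X[20\nSubject: test\n\nbody\n"
)

if __name__ == "__main__":
    for name, findings in audit_all({"tagged": TAGGED, "untagged": UNTAGGED}).items():
        print(name, findings)
```

Run over a mail spool, the report shows whether untagged messages and odd Message-IDs actually coincide, which is the question asked at the end of the post.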


