X_MS_has_attach

[Pete]

Julian Field wrote:

> At 11:29 06/02/2004, you wrote:
>
>> Martin Hepworth wrote:
>>
>>> Pete wrote:
>>>
>>>> We are Domino shop, we have MailScanner/postfix/sa filtering all
>>>> inbound
>>>> mail. Very vanilla installation.
>>>>
>>>> We have merged with a company who used Exchange. Tnhey are sending
>>>> messages from thier site, from exchange, over the net, into
>>>> MailScanner
>>>> to us.
>>>>
>>>> Suddenly we have started seeing messages from this company only that
>>>> have the attachments icon in the client, to indicate that there is an
>>>> attachment, but there is NO sign of an attachment.
>>>>
>>>> All other messages from people with attachments come through with no
>>>> issue, or if they are noxious we get the inline spam warning as per
>>>> usual. We have NO rules, just basic/default filename/type/warnjing
>>>> settings in MS.conf.
>>>>
>>>> The only messages with attachments to have the X_MS_has_attach "yes"
>>>> header are the ones from this new company, they have NO anti spam
>>>> tools
>>>> at all. There is no entry in the logs for these messages to have
>>>> had an
>>>> attachment modfied or anything.
>>>>
>>>> Maybe there is a way to modify this header?, but what are the
>>>> implications of this? IS this header generated by mailscanner, why?
>>>>
>>>> We are in a situation where the new company (controlling) wants to
>>>> force
>>>> MS Exchange onto us in place of Lotus Domino, so incompabilities, that
>>>> seems to be our fault work against in a hieous way - please help me
>>>> fend
>>>> off these marauding ms exchange loving heathens...for the love of Man,
>>>> the benefit of the world and all that we stand for - etc :)
>>>
>>>
>>>
>>> Hi
>>>
>>> you might want to setup a whitelist rule for the new companies email
>>> server so SA doesn't scan - I guess you'll still need the virus
>>> scanning????
>>>
>>> Given the fact the other half is a m-sexchange site you might want to
>>> investigate the TNEF settings on the MS host. doing TNEF from the perl
>>> module is generally more powerful and less error prone than the binary,
>>> but YMMV so check that.
>>>
>>> Another option might be to setup a VPN between to two LAN's, quite easy
>>> now-adays..
>>>
>>> --
>>> Martin Hepworth
>>> Snr Systems Administrator
>>> Solid State Logic
>>> Tel: +44 (0)1865 842300
>>>
>>>
>>> **********************************************************************
>>>
>>> This email and any files transmitted with it are confidential and
>>> intended solely for the use of the individual or entity to whom they
>>> are addressed. If you have received this email in error please notify
>>> the system manager.
>>>
>>> This footnote confirms that this email message has been swept
>>> for the presence of computer viruses and is believed to be clean.
>>>
>>> **********************************************************************
>>>
>>>
>> Thanks a lot, i should have thought of that, i will whitelist them on
>> Monday. Is this simple to do, but ensuring that virus scanning
>> continues? I cant see any point turning AV off...
>
>
> You can control just about everything in MailScanner with a ruleset that
> lets you switch features on/off and change values for any arbitrary
> groups
> of users or domains. Read /etc/MailScanner/rules/* and see the FAQ too.
> There's plenty about rulesets there. You just want to tie a ruleset to
> "Spam Checks".
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
>
Thanks, i have alread6y been searching since i posted, and another
helpful fellow posted a tip, so I will proceed on Monday.

Does anyone know anything else about this mail header? i can find no
info on the net, but it APPEARS to have been generated by exchange? Is
there any way to tell why it is include and maked as YES and the mail is
disaplying attachment icon, but no attachment is present?