Emailing quarantined emails

Denis Beauchemin Denis.Beauchemin at USHERBROOKE.CA
Mon Feb 23 15:42:13 GMT 2004

Le lun 23/02/2004 à 10:18, Jan-Peter Koopmann a écrit :
> > I've tried that, but all it does is re-quarantine itself.
> Been there... :-)
> Make filename and filetype checks dependend on who is sending the stuff.
> Instead of
> Filename Rules = %etc-dir%/filename.conf
> Filetype Rules = %etc-dir%/filetype.conf
> do something like 
> Filename Rules = %etc-dir%/rules/filename.rules
> Filetype Rules = %etc-dir%/rules/filetype.rules
> Create two sets of filename.conf/filetype.conf files (e.g.
> filename.rules.release.conf and filetype.rules.release.conf). In the
> .release.conf files allow all files that you want to be able to release
> from the Quarantine. Then in filename.rules put something like
> From:           postmaster at
> /usr/local/etc/MailScanner/filename.rules.release.conf
> FromOrTo:       default
> /usr/local/etc/MailScanner/filename.rules.conf
> In MailWatch conf.php adjust the QUARANTINE_FROM_ADDR to match the one
> in the rules-file:
> define(QUARANTINE_FROM_ADDR, 'postmaster at');
> That should do the trick.
> Regards,
>   JP

I am right in thinking that any email with an envelope from equal to
postmaster at would then bypass the filename rules?

If so I would not want to implement it because it would be too risky to
let some viruses through.  If I was able to restrict it only from
localhost, then maybe... but I don't think this is feasible.

Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x2252 F: 819.821.8045

More information about the MailScanner mailing list