Emailing quarantined emails
Denis Beauchemin
Denis.Beauchemin at USHERBROOKE.CA
Mon Feb 23 15:42:13 GMT 2004
Le lun 23/02/2004 à 10:18, Jan-Peter Koopmann a écrit :
> > I've tried that, but all it does is re-quarantine itself.
>
> Been there... :-)
>
> Make filename and filetype checks dependend on who is sending the stuff.
> Instead of
>
> Filename Rules = %etc-dir%/filename.conf
> Filetype Rules = %etc-dir%/filetype.conf
>
> do something like
>
> Filename Rules = %etc-dir%/rules/filename.rules
> Filetype Rules = %etc-dir%/rules/filetype.rules
>
> Create two sets of filename.conf/filetype.conf files (e.g.
> filename.rules.release.conf and filetype.rules.release.conf). In the
> .release.conf files allow all files that you want to be able to release
> from the Quarantine. Then in filename.rules put something like
>
> From: postmaster at yourdomain.com
> /usr/local/etc/MailScanner/filename.rules.release.conf
> FromOrTo: default
> /usr/local/etc/MailScanner/filename.rules.conf
>
> In MailWatch conf.php adjust the QUARANTINE_FROM_ADDR to match the one
> in the rules-file:
>
> define(QUARANTINE_FROM_ADDR, 'postmaster at yourdomain.com');
>
> That should do the trick.
>
> Regards,
> JP
I am right in thinking that any email with an envelope from equal to
postmaster at yourdomain.com would then bypass the filename rules?
If so I would not want to implement it because it would be too risky to
let some viruses through. If I was able to restrict it only from
localhost, then maybe... but I don't think this is feasible.
Denis
--
Denis Beauchemin, analyste
Université de Sherbrooke, S.T.I.
T: 819.821.8000x2252 F: 819.821.8045
More information about the MailScanner
mailing list