blocking %00 / %01 exploits with mailscanner?

Jan-Peter Koopmann Jan-Peter.Koopmann at SECEIDOS.DE
Tue Jan 20 00:03:06 GMT 2004

> According to the mcp documentation
> It implies mcp is only applied to outbound email, not incoming.

You either tell MailScanner to treat all mails (e.g. Virus Scanning =
yes) or you use rulesets (e.g. Virus Scanning =
/usr/local/etc/MailScanner/rules/virus.scanning.rules). Unless you
create a ruleset like

From: yourdomain at com    yes
FromOrTo:       default no

which would do what you understood, MCP can/will of course work on
inbound mail as well.

> "The point of Message Content Protection (MCP) is to allow 
> you to write rules for scanning the text content of email 
> messages so you can trap messages that contain certain 
> numbers of keywords and/or phrases that you don't want 
> leaving your company."
>            ^^^^^^^^^^^^^^^^^^^^
> If this is not the case, then the documentation for MCP is 
> worded badly :-/

Out of context: Agreed. Within the MailScanner context and with
knowledge of how MailScanner works: No. From my point of view that
passage is crystal clear. :-)

Do yourself a favour: Simply try it!


More information about the MailScanner mailing list