HTML disarming problem?

Julian Field mailscanner at ecs.soton.ac.uk
Sat Jun 19 14:17:27 IST 2004 

For some reason it has sent back a message to the original sender address.
If this was wrong in the code, I can't help but think that someone else
would have reported a similar problem (a lot of people use the disarm
feature). So I can only suggest you check your configuration. You have got
any spam actions set to bounce or anything? It might have been triggered by
something else entirely.

At 00:11 19/06/2004, you wrote:
>Resending since I haven't heard a response on this one.
>
>Julian,
>
>I had a user say they were getting some newletter and I checked the logs
>and I think the message is getting sent back to the sender instead of
>being delivered on to the recipient after disarming.  Based on this
>excerpt, does it look like this is what is happening?
>
>Jun 16 01:10:37 eeyore sendmail[24486]: [ID 801593 mail.info]
>  i5G5A6Dl024486: from=<subscribers at dailydose.net>, size=17715, class=0,
>  nrcpts=1, msgid=<200406160512.i5G5C90b008215 at mars.cwcs.co.uk>,
>  proto=ESMTP, daemon=MTA, relay=mars.cwcs.co.uk [194.216.113.253]
>Jun 16 01:10:37 eeyore sendmail[24486]: [ID 801593 mail.info]
>  i5G5A6Dl024486: to=<xxxxxxxx at med.wayne.edu>, delay=00:00:01,
>  mailer=relay, pri=47715, stat=queued
>Jun 16 01:10:45 eeyore MailScanner[18907]: Content Checks: Detected
>  HTML-specific exploits in i5G5A6Dl024486
>Jun 16 01:10:45 eeyore MailScanner[18907]: Content Checks: Detected and
>  will disarm HTML message in i5G5A6Dl024486
>Jun 16 01:11:04 eeyore sendmail[24559]: [ID 801593 mail.info]
>  i5G5AkDm024559: from=<>, size=1070, class=0, nrcpts=1,
>  msgid=<200406160510.i5G5Akpp024558 at eeyore.med.wayne.edu>, proto=ESMTP,
>  daemon=MTA, relay=localhost [127.0.0.1]
>Jun 16 01:11:04 eeyore sendmail[24559]: [ID 801593 mail.info]
>  i5G5AkDm024559: to=<subscribers at dailydose.net>, delay=00:00:00,
>  mailer=esmtp, pri=31070, stat=queued
>Jun 16 01:11:04 eeyore sendmail[24558]: [ID 801593 mail.info]
>  i5G5Akpp024558: to=subscribers at dailydose.net, delay=00:00:18,
>  xdelay=00:00:18, mailer=relay, pri=30802, relay=[127.0.0.1]
>[127.0.0.1],
>  dsn=2.0.0, stat=Sent (i5G5AkDm024559 Message accepted for delivery)
>Jun 16 01:12:05 eeyore sendmail[24707]: [ID 801593 mail.info]
>  i5G5AkDm024559: to=<subscribers at dailydose.net>, delay=00:01:01,
>  xdelay=00:00:01, mailer=esmtp, pri=121070, relay=mail.dailydose.net.
>  [194.216.113.253], dsn=2.0.0, stat=Sent (Command DATA Processed mail
>  data Ok)
>
>-=B
>
>-------------------------- MailScanner list ----------------------
>To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
>Before posting, please see the Most Asked Questions at
>http://www.mailscanner.biz/maq/     and the archives at
>http://www.jiscmail.ac.uk/lists/mailscanner.html

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

More information about the MailScanner mailing list