HTML disarming problem?

Rose, Bobby brose at MED.WAYNE.EDU
Sat Jun 19 15:07:34 IST 2004


The only spam action I have is to delete high scoring.  For low scoring
it's tagged and sent as well as a copy forwarded to my spam mailbox.
There isn't any sending of SPAM messages back to sender.  I just started
using disarm with the latest version.  Before they were just rejected.
Could that be it?  

Allow Iframe Tags = no
Allow Script tags = no
Allow Form Tags = ruleset (internal systems allowed)
Allow Webbugs = disarm
Allow Object Codebase Tags = no

The only change was the webbugs.  Could it be doing this if there are
both <img> and <iframe>, etc., and just not showing in the logs or sending
a warning to postmaster?


-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Julian Field
Sent: Saturday, June 19, 2004 9:17 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: HTML disarming problem?

For some reason it has sent back a message to the original sender
address.
If this was wrong in the code, I can't help but think that someone else
would have reported a similar problem (a lot of people use the disarm
feature). So I can only suggest you check your configuration. You have
got any spam actions set to bounce or anything? It might have been
triggered by something else entirely.

At 00:11 19/06/2004, you wrote:
>Resending since I haven't heard a response on this one.
>
>Julian,
>
>I had a user say they were getting some newsletter and I checked the
>logs and I think the message is getting sent back to the sender instead
>of being delivered on to the recipient after disarming.  Based on this
>excerpt, does it look like this is what is happening?
>
>Jun 16 01:10:37 eeyore sendmail[24486]: [ID 801593 mail.info]
>  i5G5A6Dl024486: from=<subscribers at dailydose.net>, size=17715, class=0,
>  nrcpts=1, msgid=<200406160512.i5G5C90b008215 at mars.cwcs.co.uk>,
>  proto=ESMTP, daemon=MTA, relay=mars.cwcs.co.uk [194.216.113.253]
>Jun 16 01:10:37 eeyore sendmail[24486]: [ID 801593 mail.info]
>  i5G5A6Dl024486: to=<xxxxxxxx at med.wayne.edu>, delay=00:00:01,
>  mailer=relay, pri=47715, stat=queued
>Jun 16 01:10:45 eeyore MailScanner[18907]: Content Checks: Detected
>  HTML-specific exploits in i5G5A6Dl024486
>Jun 16 01:10:45 eeyore MailScanner[18907]: Content Checks: Detected and
>  will disarm HTML message in i5G5A6Dl024486
>Jun 16 01:11:04 eeyore sendmail[24559]: [ID 801593 mail.info]
>  i5G5AkDm024559: from=<>, size=1070, class=0, nrcpts=1,
>  msgid=<200406160510.i5G5Akpp024558 at eeyore.med.wayne.edu>, proto=ESMTP,
>  daemon=MTA, relay=localhost [127.0.0.1]
>Jun 16 01:11:04 eeyore sendmail[24559]: [ID 801593 mail.info]
>  i5G5AkDm024559: to=<subscribers at dailydose.net>, delay=00:00:00,
>  mailer=esmtp, pri=31070, stat=queued
>Jun 16 01:11:04 eeyore sendmail[24558]: [ID 801593 mail.info]
>  i5G5Akpp024558: to=subscribers at dailydose.net, delay=00:00:18,
>  xdelay=00:00:18, mailer=relay, pri=30802, relay=[127.0.0.1] [127.0.0.1],
>  dsn=2.0.0, stat=Sent (i5G5AkDm024559 Message accepted for delivery)
>Jun 16 01:12:05 eeyore sendmail[24707]: [ID 801593 mail.info]
>  i5G5AkDm024559: to=<subscribers at dailydose.net>, delay=00:01:01,
>  xdelay=00:00:01, mailer=esmtp, pri=121070, relay=mail.dailydose.net.
>  [194.216.113.253], dsn=2.0.0, stat=Sent (Command DATA Processed mail
>  data Ok)
>
>-=B
>
>-------------------------- MailScanner list ----------------------
>To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
>Before posting, please see the Most Asked Questions at
>http://www.mailscanner.biz/maq/     and the archives at
>http://www.jiscmail.ac.uk/lists/mailscanner.html

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
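
The log question in this thread (was a disarmed message delivered, or did mail go back to its sender?) can be checked mechanically by correlating queue IDs. The following is an added example, not part of the original thread and not MailScanner code; the sample log, hosts, addresses, queue IDs and the function name `trace_disarmed` are constructed, and it assumes one syslog entry per line with unobfuscated addresses.

```python
import re

# Constructed sample in the sendmail/MailScanner syslog style (one entry per line).
# Hosts, addresses and queue IDs are invented for this example.
SAMPLE_LOG = """\
Jun 16 01:10:37 mx sendmail[101]: [ID 1 mail.info] QIDA01: from=<news@sender.example>, size=17715, nrcpts=1
Jun 16 01:10:37 mx sendmail[101]: [ID 1 mail.info] QIDA01: to=<user@rcpt.example>, mailer=relay, stat=queued
Jun 16 01:10:45 mx MailScanner[200]: Content Checks: Detected and will disarm HTML message in QIDA01
Jun 16 01:11:04 mx sendmail[102]: [ID 1 mail.info] QIDB02: from=<>, size=1070, nrcpts=1
Jun 16 01:12:05 mx sendmail[103]: [ID 1 mail.info] QIDB02: to=<news@sender.example>, mailer=esmtp, stat=Sent (ok)
Jun 16 02:00:00 mx sendmail[110]: QIDC03: from=<list@other.example>, size=900, nrcpts=1
Jun 16 02:00:05 mx MailScanner[200]: Content Checks: Detected and will disarm HTML message in QIDC03
Jun 16 02:00:09 mx sendmail[111]: QIDC03: to=<user@rcpt.example>, mailer=esmtp, stat=Sent (ok)
"""

# sendmail envelope entry: optional Solaris "[ID ...]" tag, queue ID, from=/to= address
ENTRY = re.compile(r"sendmail\[\d+\]: (?:\[ID [^\]]+\] )?(\w+): (from|to)=<?([^>,]*)>?,")
STAT = re.compile(r"\bstat=(\w+)")
DISARM = re.compile(r"Detected and\s+will disarm HTML message in (\w+)")

def trace_disarmed(log):
    """For each disarmed queue ID, report who it was delivered to and which
    null-sender (from=<>) messages were addressed to its envelope sender."""
    msgs, disarmed = {}, []
    for line in log.splitlines():
        hit = DISARM.search(line)
        if hit:
            disarmed.append(hit.group(1))
            continue
        hit = ENTRY.search(line)
        if not hit:
            continue
        qid, kind, addr = hit.group(1), hit.group(2), hit.group(3).lower()
        rec = msgs.setdefault(qid, {"from": None, "to": set(), "sent": set()})
        if kind == "from":
            rec["from"] = addr          # "" means the null sender <>
        else:
            rec["to"].add(addr)
            stat = STAT.search(line)
            if stat and stat.group(1) == "Sent":
                rec["sent"].add(addr)
    report = {}
    for qid in disarmed:
        orig = msgs.get(qid)
        if not orig or not orig["from"]:
            continue
        notices = sorted(q for q, r in msgs.items()
                         if r["from"] == "" and orig["from"] in r["to"])
        report[qid] = {"delivered_to": sorted(orig["sent"]),
                       "null_sender_mail_to_origin": notices}
    return report
```

Matching is by address only, so a hit shows that a bounce or automatic notice went to the original sender, not which component or setting generated it.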
