HTML disarming problem?
Rose, Bobby
brose at MED.WAYNE.EDU
Sat Jun 19 15:07:34 IST 2004
The only spam action I have is to delete high scoring. For low scoring
it's tagged and sent as well as a copy forwarded to my spam mailbox.
There isn't any sending of SPAM messages back to sender. I just started
using disarm with the latest version. Before they were just rejected.
Could that be it?
Allow Iframe Tags = no
Allow Script tags = no
Allow Form Tags = ruleset (internal systems allowed)
Allow Webbugs = disarm
Allow Object Codebase Tags = no
The only change was the webbugs. Could it be doing this if there are
both <img> and <iframe>, etc. and just not showing in the logs or sending
a warning to postmaster?
-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Julian Field
Sent: Saturday, June 19, 2004 9:17 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: HTML disarming problem?
For some reason it has sent back a message to the original sender
address.
If this was wrong in the code, I can't help but think that someone else
would have reported a similar problem (a lot of people use the disarm
feature). So I can only suggest you check your configuration. Have you
got any spam actions set to bounce or anything? It might have been
triggered by something else entirely.
At 00:11 19/06/2004, you wrote:
>Resending since I haven't heard a response on this one.
>
>Julian,
>
>I had a user say they were getting some newsletter and I checked the
>logs and I think the message is getting sent back to the sender instead
>of being delivered on to the recipient after disarming. Based on this
>excerpt, does it look like this is what is happening?
>
>Jun 16 01:10:37 eeyore sendmail[24486]: [ID 801593 mail.info]
> i5G5A6Dl024486: from=<subscribers at dailydose.net>, size=17715,
> class=0, nrcpts=1, msgid=<200406160512.i5G5C90b008215 at mars.cwcs.co.uk>,
> proto=ESMTP, daemon=MTA, relay=mars.cwcs.co.uk [194.216.113.253]
>Jun 16 01:10:37 eeyore sendmail[24486]: [ID 801593 mail.info]
> i5G5A6Dl024486: to=<xxxxxxxx at med.wayne.edu>, delay=00:00:01,
> mailer=relay, pri=47715, stat=queued
>Jun 16 01:10:45 eeyore MailScanner[18907]: Content Checks: Detected
> HTML-specific exploits in i5G5A6Dl024486
>Jun 16 01:10:45 eeyore MailScanner[18907]: Content Checks: Detected and
> will disarm HTML message in i5G5A6Dl024486
>Jun 16 01:11:04 eeyore sendmail[24559]: [ID 801593 mail.info]
> i5G5AkDm024559: from=<>, size=1070, class=0, nrcpts=1,
> msgid=<200406160510.i5G5Akpp024558 at eeyore.med.wayne.edu>,
> proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
>Jun 16 01:11:04 eeyore sendmail[24559]: [ID 801593 mail.info]
> i5G5AkDm024559: to=<subscribers at dailydose.net>, delay=00:00:00,
> mailer=esmtp, pri=31070, stat=queued
>Jun 16 01:11:04 eeyore sendmail[24558]: [ID 801593 mail.info]
> i5G5Akpp024558: to=subscribers at dailydose.net, delay=00:00:18,
> xdelay=00:00:18, mailer=relay, pri=30802, relay=[127.0.0.1] [127.0.0.1],
> dsn=2.0.0, stat=Sent (i5G5AkDm024559 Message accepted for delivery)
>Jun 16 01:12:05 eeyore sendmail[24707]: [ID 801593 mail.info]
> i5G5AkDm024559: to=<subscribers at dailydose.net>, delay=00:01:01,
> xdelay=00:00:01, mailer=esmtp, pri=121070, relay=mail.dailydose.net.
> [194.216.113.253], dsn=2.0.0, stat=Sent (Command DATA Processed mail
> data Ok)
>
>-=B
>
>-------------------------- MailScanner list ----------------------
>To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
>Before posting, please see the Most Asked Questions at
>http://www.mailscanner.biz/maq/ and the archives at
>http://www.jiscmail.ac.uk/lists/mailscanner.html
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD
E1DC 7222 11F6 5947 1415 B654
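
The correlation discussed in this thread (a disarmed message followed shortly by a from=<> message addressed to its envelope sender) can be checked mechanically over a mail log. The following is an added example, not code from either poster or from the MailScanner project; the function name, the 300-second window, the assumed year and the sample log (placeholder hosts, queue IDs and addresses) are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample modelled on the excerpt above: one syslog entry per line,
# placeholder hosts, queue IDs and addresses.
SAMPLE_LOG = """\
Jun 16 01:10:37 gw sendmail[101]: [ID 801593 mail.info] q1AAA: from=<news@list.example>, size=17715, nrcpts=1, relay=mx.list.example [192.0.2.10]
Jun 16 01:10:37 gw sendmail[101]: [ID 801593 mail.info] q1AAA: to=<user@corp.example>, delay=00:00:01, mailer=relay, stat=queued
Jun 16 01:10:45 gw MailScanner[202]: Content Checks: Detected and will disarm HTML message in q1AAA
Jun 16 01:11:04 gw sendmail[303]: [ID 801593 mail.info] q1BBB: from=<>, size=1070, nrcpts=1, relay=localhost [127.0.0.1]
Jun 16 01:11:04 gw sendmail[303]: [ID 801593 mail.info] q1BBB: to=<news@list.example>, delay=00:00:00, mailer=esmtp, stat=queued
Jun 16 01:12:05 gw sendmail[404]: [ID 801593 mail.info] q1BBB: to=<news@list.example>, delay=00:01:01, mailer=esmtp, stat=Sent (ok)
"""

ENTRY = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ (sendmail|MailScanner)\[\d+\]: (.*)$")
ENVELOPE = re.compile(r"(\w+): (from|to)=<?([^>,]*)>?,")
DISARM = re.compile(r"will disarm HTML message in (\w+)")

def find_returns_to_sender(log, window_s=300, year=2004):
    """Return (disarmed_qid, null_sender_qid) pairs: a from=<> message addressed
    to the envelope sender of a message disarmed at most window_s seconds earlier.
    A heuristic for triage; timing alone does not prove which component sent it."""
    sender, disarmed, hits = {}, {}, []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so one is assumed
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if m.group(2) == "MailScanner":
            d = DISARM.search(m.group(3))
            if d:
                disarmed[d.group(1)] = when
            continue
        e = ENVELOPE.search(m.group(3))
        if not e:
            continue
        qid, kind, addr = e.group(1), e.group(2), e.group(3).lower()
        if kind == "from":
            sender[qid] = addr
        elif sender.get(qid) == "":  # recipient line of a null-sender message
            for orig, t in disarmed.items():
                age = (when - t).total_seconds()
                if sender.get(orig) == addr and 0 <= age <= window_s:
                    if (orig, qid) not in hits:
                        hits.append((orig, qid))
    return hits
```

Each hit is a pair of queue IDs to look up in the full log and in the scanner's notice and spam-action settings, since a match shows timing and addressing only.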