Bounced emails are not scanned for viruses.

[Magda Hewryk]

Hi Martin,

I'm running the 4.26.8 version.

Thanks for help!  I had a wrong configuration in the domains.to.scan.rules
file.
The 'From:' was set to "no", as follow. I've changed it to "yes" and I hope
it's going to solve my problem with the MailScanner no scanning bounced
emails.

From: *@localhost.localdomain  yes
To:   *@xxx.com  yes
To:   *@aaa.com     yes
To:   *@bbb.com      yes
To:   *@ccc.com   yes
To:   *@ddd.net   yes
To:   *@eee.ca    yes
From: default           no

On Thu, 18 Mar 2004 09:23:29 +0000, Martin Hepworth <martinh at SOLID-STATE-
LOGIC.COM> wrote:

>Magda
>
>what version of MS are you running? I think there was a permant fix made
>around the 4.28-1 beta version - there where patches posted that for
>4.24.5 and 4.25.x that caught a problem with mime-type issues on
>returned email (which is how you might have got infected in the first
>place).
>
>Also make sure that you are scanning all outbound email for viruses as
>well, check the config and rules.
>
>Also make sure the Lotus notes machine os relaying through the MS box
>and not sending directly.
>
>--
>Martin Hepworth
>Snr Systems Administrator
>Solid State Logic
>Tel: +44 (0)1865 842300
>
>
>Magda Hewryk wrote:
>> Hi,
>> For some reason all Delivery Failure Reports sent from the Lotus Notes-
Mail
>> Router account have a infected message.  Basically the messages is not
>> disinfected.
>>
>> Our mail gateway machines scan correctly all emails but the one sent to
the
>> unknown user are bounced back not scanned.  Because the sender's address
is
>> spoofed  the infected bounced emails are timed out and are sent to the
>> postmaster.  The Postmaster is aliased to real Lotus Notes addresses and
in
>> the result Notes mail accounts got infected.
>>
>> 1. Email is received on the mail gateway
>> 2. Email is detected as not valid <Unknown user> and is not disinfected
by
>> MailScanner.
>> 3. The Mail Gateway is trying to send it back to the original sender -
>> without disinfection first.
>> 4. Email is bounced back and timed out because cannot reach the spoof
>> address of the sender
>> 4. The bounced mail is sent to the Postmaster on the Mail Gateway
>> 5. The postmaster is re-directed to the Lotus Notes Account and the
>> disinfected email ends up in mail boxes as a Delivery Failure Report.
>>
>>
>> The bottom line:
>> Mailscanner on our Mail Servers is not scanning emails which are sent to
>> <Unknown User>.
>
>**********************************************************************
>
>This email and any files transmitted with it are confidential and
>intended solely for the use of the individual or entity to whom they
>are addressed. If you have received this email in error please notify
>the system manager.
>
>This footnote confirms that this email message has been swept
>for the presence of computer viruses and is believed to be clean.
>
>**********************************************************************