MailScanner Text File Creation

Stephen Conway sconway at WLNET.COM
Mon Oct 25 17:00:17 IST 2004 

Hello Again:

In this case, if somehow a Spammer managed to know what our custom header
was, and placed it into messages, these messages would be processed
normally, (i.e. by the MS SPAM blocking routines, and / or SPAM Assassin,
anti-virus, etc).  It would, in this case only by-pass our archiving rule
and also our delete rule.

In other words, since the message was already processed by MS, if I ran it
through Sendmail again, would MS capture it and archive it the second time?

All we are wondering , is if it can be done, and if so, how?

Thanks for any assistance.

Steve

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of Julian Field
Sent: Monday, October 25, 2004 11:01 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: MailScanner Text File Creation

And what happens when a spammer starts sending you mail with that header in
it? You can't trust anything in the headers at all.

On 25/10/04 3:48 pm, "Stephen Conway" <sconway at WLNET.COM> wrote:
> Hello:
>
> I have managed the following, and have one further issue:
>
> I am now creating the archive, and also am 'deleting' the outgoing
message,.
> I have now a question about MailScanner rules, is there anyway that MS can
> match on any other criteria, i.e. if a certain header exists in a message,
> then do something?  Example, after my processes analyze the archive
created
> above, I must then re-send the messages to the Internet to the actual
> recipients, but if I again put them through MS, they will again end up in
> the archive, and a loop will be started.  I could send them via another
> Sendmail process , or via another SMTP host but this involves running
other
> processes, or server..
>
> After each process above, I put a header field into the messages
'X-FLTMAIL'
> .  What I would like to know is if MS finds this header, then it should
not
> archive the message , and also bypass the 'delete' rule .
>
> Any ideas on how this can be done?  In looking at ruleset syntax, it is
> always 'from / To or Default' anyway to check for other fields / criteria?
> Maybe through a custom function?
>
> Thanks,
>
> Steve
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf
> Of Julian Field
> Sent: Saturday, October 23, 2004 12:17 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: MailScanner Text File Creation
>
> All you need to do to stop it delivering them is to use a 2-line ruleset
> for Non spam actions, spam actions and high scoring spam actions.
> From: domain.com delete
> FromOrTo: default deliver
>
> Then use a ruleset for Archive Mail that says
> From: domain.com yes
> FromOrTo: default no
>
> At 16:31 23/10/2004, you wrote:
>> Good day:
>>
>> The problem with using the archive method, is that the archive only
stores
> a
>> copy there, but the messages are then delivered to their final
recipients.
>> What we need is for any mail from the domain to not be delivered , but
>> instead just copied to the location with the address file being
generated.
>> Which function in customconfig would I need to use?
>>
>> Thanks,
>>
>> Steve
>>
>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf
>> Of Julian Field
>> Sent: Saturday, October 23, 2004 11:04 AM
>> To: MAILSCANNER at JISCMAIL.AC.UK
>> Subject: Re: MailScanner Text File Creation
>>
>> Take a look in CustomConfig.pm. There are several examples in there,
>> including a commented-out skeleton of what you need to do. Your Custom
>> Function should return 'deliver' for all the messages except the ones you
>> are interested in, and copy the files where you want them for the
>> domain.com messages. You invoke it by putting
>> Non spam actions = &YourCustomFunctionName
>> in MailScanner.conf.
>>
>> The alternative approach I suggested (involving the mail archive) may be
>> much easier for you to get working.
>>
>> At 15:49 23/10/2004, you wrote:
>>> Hello Again:
>>>
>>> The custom function sounds like it would work, so I would first set my:
>>>
>>> Non spam actions = somefile.rules
>>>
>>> In somefile.rules I put the default, to be deliver , and for my per
> domain
>>> would be:
>>>
>>> From: *@domain.com      ?
>>> FromOrTo:       default deliver
>>>
>>> Please let me know what I would put here, and how to envoke a custom
>>> function, and if possible what this might look like,
>>>
>>> Thanks,
>>>
>>> Steve
>>>
>>> -----Original Message-----
>>> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>> Behalf
>>> Of Julian Field
>>> Sent: Friday, October 15, 2004 12:24 PM
>>> To: MAILSCANNER at JISCMAIL.AC.UK
>>> Subject: Re: MailScanner Text File Creation
>>>
>>> At 17:07 15/10/2004, you wrote:
>>>> Good day:
>>>>
>>>> I had sent previously but missed the reply, if any.
>>>>
>>>> We have an application where we would need to have the following to
>> occur:
>>>>
>>>>> From *@domain.com ,
>>>> Copy that entire SMTP message to /anypath/MESSAGEREF.inc
>>>> Put a file to /anypath/MESSAGEREF.add which contains each recipient of
>> the
>>>> message on a separate line.
>>>>
>>>> Also, the message should stop there, i.e. not be sent out, as the
>>> processing
>>>> we have on those messages, will anylize then send those.
>>>>
>>>> Is there any way that MailScanner can be set up to do this?
>>>
>>> You would probably need to write a Custom Function to do this, and
> probably
>>> attach it to the "non-spam actions" configuration option. This could
test
>>> for the *@domain.com and write out the message in the files you want.
>>>
>>> The alternative would be to archive mail using "Archive Mail" and a
>>> ruleset, then have a cron job that ran every 5 or 10 minutes and
> processed
>>> the archive entries to generate the processed data you want, then
deleted
>>> the original archive files so it didn't process the same mail twice.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

More information about the MailScanner mailing list