Whitelist problem

Matt Bullock mbullock at TROIKANETWORKS.COM
Fri Sep 3 20:06:00 IST 2004


>From the logs it almost looks like the from address is 127.0.0.1 and the
server is checking its hosts file first for the lookup and finding its
own name.

Aug 30 13:01:24 slammer2 MailScanner[14013]: Message i7UK1NfY014676 from
127.0.0.1 (root at mailserver.company1.com) is whitelisted
Aug 30 13:01:24 slammer2 MailScanner[13517]: Virus and Content Scanning:
Starting
Aug 30 13:01:25 slammer2 MailScanner[14013]: Virus and Content Scanning:
Starting
Aug 30 13:01:27 slammer2 MailScanner[13517]: Uninfected: Delivered 1
messages
Aug 30 13:01:28 slammer2 sendmail[14695]: i7UK1KTv014668:
to=<someone at company2.com>, delay=00:00:08, xdelay=00:00:00, mailer=smtp,
pri=230996, relay=[10.1.1.10] [10.1.1.10], dsn=2.0.0, stat=Sent (
<BAY22-F20i4UvxlEkbB0005fe9f at hotmail.com> Queued mail for delivery)

Mb
 

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Scott Silva
Sent: Thursday, September 02, 2004 10:17 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Whitelist problem

Michele Neylon :: Blacknight Solutions wrote:
> MailScanner mailing list wrote:
>
>>Hey all,
>>
>>Sorry if this has been covered before, but I have a question
>>regarding whitelisting.  Email generated by the server (virus
>>alerts etc) are sent to my email address, but some of them
>>get marked as spam.  I want to be able to whitelist
>>everything coming from the server, but if an email is sent
>>with a spoofed address of 127.0.0.1 it will automatically be
>>whitelisted.  Is there a way around this?
>
>
> We whitelist the server hostname for mail sent from root@ and
postmaster@
> instead of the IP which works quite well
>
Aren't named addresses easily spoofed?
I seem to remember a virus trying to send false rejection messages that
said they were from postmaster at ourdomain.com. Of course the ip was *not*
  127.0.0.1

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).



More information about the MailScanner mailing list