Forwarded mail lets spam through

Matt Bullock mbullock at TROIKANETWORKS.COM
Thu Sep 9 23:24:19 IST 2004


I don't have the raw message unfortunately, its already been mangled in
Outlook a couple of times :)  Let me try and explain the layout a bit
better.  I have 2 exchange servers serving separate domains/networks.
The mailscanner/sendmail box is in a dmz, and forwards smtp to the
domains on each exchange server.  For one exchange server to send mail
to the other it would be routed through the sendmail box in the dmz.
The original messages that arent being tagged as spam are originating
from the spammer, then are routed through an ISP of a friend that hosts
a domain for me.  That email is then forwarded to another email address
that I host.  The email passed through my friends ISP isnt being tagged,
but if I forward that message back through the sendmail box to my other
exchange server it gets tagged as spam.

Did I just complicate things more?  :)

Matt

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Martin Hepworth
Sent: Thursday, September 09, 2004 1:37 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Forwarded mail lets spam through

Matt

have you got the full raw email that you can post on a web/ftp site???

We can then run it through our systems to see what rules it fires and
give scores?

It could be a specific rule is needed to catch this stuff and one of us
may have it already installed.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


Matt Bullock wrote:
> The server isnt whitelisted, and the spam coming through are usually
> tagged with a couple points, but not enough to trigger anything.  I
just
> forwarded one of the emails through the server and it was marked as
> spam.
>
>
> Regards,
>
> Matt Bullock
> Troika Networks, Inc.
> Network Administrator
> 805.367.2728
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of Steve Swaney
> Sent: Wednesday, September 08, 2004 9:17 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Forwarded mail lets spam through
>
>
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>>Behalf Of Matt Bullock
>>Sent: Wednesday, September 08, 2004 11:59 AM
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: Re: Forwarded mail lets spam through
>>
>
>
> Snip
>
>>Right now SA is catching about 98% of the spam received, it just
>>doesn't
>>
>>tag anything that is forwarded from one particular server.
>>
>
> Snip
>
> Only possible explanation I can think of is that this Server is some
how
> white listed. What rule sets have you modified?
>
> Steve Swaney
> President
> Fortress Systems Ltd.
> www.fsl.com
> steve.swaney at fsl.com
>
>
>
> --
> This message has been scanned for viruses and dangerous content by
> MailScanner, and is believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com
>
> ------------------------ MailScanner list ------------------------ To
> unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).



More information about the MailScanner mailing list