Rules Du Jour and local domains

Jim Coates jimc at LARIDIAN.COM
Thu Mar 10 18:35:41 GMT 2005 

Julian,

This is what I already do.  

My "Virus Scanning" rule looks like this:

From:           *@mydomain.com                  no
From:           *@myotherdomain.org             no
FromOrTo:       default                         yes

But it allows spoofed incoming emails to come through.

If I change it to an IP address or block, it allows mail pulled from another
server via Fetchmail to come through because Fetchmail sends to MailScanner
via the local IP address, so it looks like its being sent internally (even
though headers are intact).

Jim


-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of Julian Field
Sent: Thursday, March 10, 2005 12:29 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Rules Du Jour and local domains


Jim Coates wrote:

>Also, is there a good tutorial for setting MailScanner to not scan 
>emails sent from the local domain users?
>
>
Set
Virus Scanning = %rules-dir%/skip.local.rules

and in /etc/MailScanner/rules/skip.local.rules use either

From: *@yourdomain.com no
FromOrTo: default yes

or, more reliably (as it doesn't matter if your domain is faked in incoming
mail)
From: 3.4.5.* no
FromOrTo: default yes
where you should replace 3.4.5.* with your local ip netblock. It will take
any common syntax for specifying this.

>I have it set to not scan @ourdomain.com, but with that in place 
>spoofed email addresses aren't scanned either.
>
>I also tried it via the local IP, but then it doesn't scan emails 
>grabbed by Fetchmail.
>
>Thanks for being patient with me.. I'm new to the list and trying to 
>get our install working properly.
>
>Thanks,
>Jim Coates
>Laridian, Inc.
>
>------------------------ MailScanner list ------------------------ To 
>unsubscribe, email jiscmail at jiscmail.ac.uk with the words: 'leave 
>mailscanner' in the body of the email. Before posting, read the MAQ 
>(http://www.mailscanner.biz/maq/) and the archives 
>(http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
>
>
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store Professional Support
Services at www.MailScanner.biz MailScanner thanks transtec Computers for
their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail at jiscmail.ac.uk with the words: 'leave
mailscanner' in the body of the email. Before posting, read the MAQ
(http://www.mailscanner.biz/maq/) and the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list