Messages spoofed as to/from me not being scanned. What am I missing...

Martin Hepworth martinh at
Mon Aug 21 17:46:10 IST 2006

Greg Deputy wrote:
> I've been running MailScanner for a little over a year now and have been
> extremely happy with it.  I've had some spams getting through recently that
> are addressed to me, and from me.  For some reason, MailScanner doesn't seem
> to bother scanning them, just says they're clean and passes them through.
> This makes me think I may have my own address whitelisted somewhere, but if
> I do I cant find it.  I'm running with the spam.bydomain white/blacklists,
> and have checked both the default and the one for the domain the mail is
> coming in on, but my address isn't in there.  
> Is there another location I should be looking for this, or is something else
> going on?  The header of the message is below.
> This is on a fedora core 2 system running MailScanner 4.50.15, SA 3.1.0
> processing about 50k messages per day.
> Message Header:
> Return-Path: <greg at>
> X-Original-To: greg at
> Delivered-To: greg at
> Received: from (unknown [])
> 	by (Postfix) with ESMTP id B139316F9B7
> 	for <greg at>; Mon, 21 Aug 2006 07:29:41 -0700 (PDT)
> Received: from ( [])
>         by (Qmailv1) with ESMTP id 8SWCF23W
>         for <greg at>; Fri, 21 Jul 2006 10:30:39 +0700
> Received: from ([]:2306 "EHLO"
>         smtp-auth: "tokshcauqu" TLS-CIPHER: <none> TLS-PEER-CN1: <none>)
>         by with ESMTP id YL66-NWJ0NInw-p1 (ORCPT
>         <rfc822;tokshcauqu at>); Fri, 21 Jul 2006 00:20:38 -0200
> Date: Fri, 21 Jul 2006 00:20:38 -0200
> From: "Paul Ross" <tokshcauqu at>
> X-Mailer: The Bat! (v2.12.00) Personal
> X-Priority: 3
> Message-ID: <56780461541336.20060721002038570781 at>
> To: greg at
> Subject: Throw away your embarrassment
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
>         boundary="----------SFBER0FEHQNCQUOAW"
> Please contact
> postmaster at for more information
> Found to be clean
> X-MailScanner-From: greg at
> Thanks!
first of all remove the . in the %org-name% setting in mailScanner.conf 
- it'll confuse certain MTAs and isn't a valid character in the first of 
a header anyway!

I'd also check the "Is Definite Not Spam" setting and "Scan Messages". 
If you have domains in there I'd suggest making it ip-addresses (ie 
don't spam scan and which is my lan!) and not to 
use domain names..

Martin Hepworth
Senior Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	


More information about the MailScanner mailing list