Messages spoofed as to/from me not being scanned. What am I missing...

Martin Hepworth martinh at solid-state-logic.com
Mon Aug 21 17:46:10 IST 2006


Greg Deputy wrote:
> I've been running MailScanner for a little over a year now and have been
> extremely happy with it.  I've had some spams getting through recently that
> are addressed to me, and from me.  For some reason, MailScanner doesn't seem
> to bother scanning them, just says they're clean and passes them through.
> This makes me think I may have my own address whitelisted somewhere, but if
> I do I can't find it.  I'm running with the spam.bydomain white/blacklists,
> and have checked both the default and the one for the domain the mail is
> coming in on, but my address isn't in there.  
> 
> Is there another location I should be looking for this, or is something else
> going on?  The header of the message is below.
> 
> This is on a Fedora Core 2 system running MailScanner 4.50.15, SA 3.1.0
> processing about 50k messages per day.
> 
> 
> Message Header:
> 
> Return-Path: <greg at blastzone.com>
> X-Original-To: greg at blastzone.com
> Delivered-To: greg at blastzone.com
> Received: from 203.162.3.157 (unknown [222.253.101.77])
> 	by mx.blastzone.com (Postfix) with ESMTP id B139316F9B7
> 	for <greg at blastzone.com>; Mon, 21 Aug 2006 07:29:41 -0700 (PDT)
> Received: from mta.xtra.co.nz (mta.xtra.co.nz [210.54.141.1])
>         by 203.162.3.157 (Qmailv1) with ESMTP id 8SWCF23W
>         for <greg at blastzone.com>; Fri, 21 Jul 2006 10:30:39 +0700
> Received: from 194.154.164.82 ([fodlets.co.uk]:2306 "EHLO fodlets.co.uk"
>         smtp-auth: "tokshcauqu" TLS-CIPHER: <none> TLS-PEER-CN1: <none>)
>         by mta.xtra.co.nz with ESMTP id YL66-NWJ0NInw-p1 (ORCPT
>         <rfc822;tokshcauqu at fodlets.co.uk>); Fri, 21 Jul 2006 00:20:38 -0200
> Date: Fri, 21 Jul 2006 00:20:38 -0200
> From: "Paul Ross" <tokshcauqu at fodlets.co.uk>
> X-Mailer: The Bat! (v2.12.00) Personal
> X-Priority: 3
> Message-ID: <56780461541336.20060721002038570781 at fodlets.co.uk>
> To: greg at blastzone.com
> Subject: Throw away your embarrassment
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
>         boundary="----------SFBER0FEHQNCQUOAW"
> X-Blastzone.com-MailScanner-Information: Please contact
> postmaster at blastzone.com for more information
> X-Blastzone.com-MailScanner: Found to be clean
> X-Blastzone.com-MailScanner-SpamCheck: 
> X-MailScanner-From: greg at blastzone.com
> 
> 
> Thanks!
> 
Greg,

First of all, remove the . in the %org-name% setting in MailScanner.conf 
- it'll confuse certain MTAs and isn't a valid character in the first of 
a header anyway!

I'd also check the "Is Definitely Not Spam" setting and "Scan Messages". 
If you have domains in there I'd suggest making it IP addresses (i.e. 
don't spam scan 127.0.0.1 and 192.168.1.1, which is my LAN!) and not 
using domain names.

-- 
Martin Hepworth
Senior Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

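The advice above, to key whitelist entries on IP addresses rather than domain names, can be checked mechanically. The following is an added example, not part of the original thread and not MailScanner's own code: it reads a ruleset in the direction/pattern/value layout and lists the sender-based entries that bypass checks on an address or domain match, which is what a message forged as coming from your own address would hit. The sample ruleset, the function names and the `bypass_value` parameter are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in MailScanner ruleset layout: direction, pattern, value.
SAMPLE_RULES = """\
# spam whitelist (constructed example)
From:       127.0.0.1         yes
From:       192.168.1.        yes
From:       *@example.com     yes
FromOrTo:   example.org       yes
To:         abuse@example.com yes
FromOrTo:   default           no
"""

# Directions whose pattern is compared against the (forgeable) sender.
SENDER_DIRECTIONS = {"from:", "fromorto:", "fromandto:"}


def is_ip_pattern(pattern):
    """True for a full address, a CIDR network, or a dotted prefix like '192.168.1.'."""
    try:
        ipaddress.ip_network(pattern, strict=False)
        return True
    except ValueError:
        return re.fullmatch(r"(\d{1,3}\.){1,3}(\d{1,3})?", pattern) is not None


def spoofable_rules(ruleset_text, bypass_value="yes"):
    """Return (line_no, direction, pattern) for rules that skip checks because
    of a sender address or domain, which the sending host can forge."""
    findings = []
    for line_no, raw in enumerate(ruleset_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 3:
            continue
        direction, pattern, value = fields[0].lower(), fields[1], fields[2].lower()
        if direction not in SENDER_DIRECTIONS or value != bypass_value:
            continue
        if pattern.lower() == "default" or is_ip_pattern(pattern):
            continue  # the default rule and IP-based rules are not address-spoofable
        findings.append((line_no, fields[0], pattern))
    return findings


if __name__ == "__main__":
    for line_no, direction, pattern in spoofable_rules(SAMPLE_RULES):
        print(f"line {line_no}: {direction} {pattern} trusts a forgeable sender")
```

For a "Scan Messages" ruleset the bypassing value is `no` rather than `yes`, so call `spoofable_rules(text, bypass_value="no")` there.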