mailscanner behind a smtpd frontend

Alex Neuman van der Hans alex at nkpanama.com
Mon Feb 13 18:56:59 GMT 2006


In any case you can check:
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScore
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-Information

... from /etc/mail/spamassassin/mailscanner.cf for a clue. You could 
write a few lines that include your particular headers and have SA 
ignore them. I don't know if bayes_ignore_header takes regexps, but you 
could look at the docs for SA and see for yourself.

Philipp Snizek wrote:
>> True... More and more I find such dumbed down red boxes, doing for $10k 
>> what can be done for a couple of dozen dollars of commodity (or even 
>> used) hardware. Even so, the red boxes will occasionally hiccup - or 
>> completely die on you, requiring tedious reloading of software and 
>> rules. The sysadmins can't work up the nerve to come up to the PHB and 
>> tell him that red box his golf buddies told him about is just an 
>> overpriced and overmarketed piece of ... equipment that provides a 
>> function that could have been demonstrably better performed at a lower cost.
>>
>> That's one of my pet peeves. The other one that comes up a lot is the 
>> fact that most of those same sysadmins will buy these "transparent 
>> proxy" boxes that come with one or more forms of "antivirus", for 
>> e-mail/web/etc. - instead of a properly configured box with MailScanner 
>> + squid + clamav + squidclamav + etc.. These are the same sysadmins that 
>> call you for help 6 months later when their entire network became a 
>> botnet after becoming infected with spyware (AV vendor says "it's not a 
>> virus, so why do I care"), or when they find they can't send email out 
>> because they've wound up on an RBL because their network is an unwitting 
>> spam source, or to find where and how the keylogger got installed on the 
>> PHB's machine, or to see if there's anything we can do to get his 
>> ebay/bank/email password back after someone stole it because they 
>> trusted an overpriced "commercial" offering they'd heard of instead of a 
>> system of tools that are known to work better, faster and more efficiently.
>>
>> I think I'd better go back to work; I haven't even had my first cup of 
>> coffee and I'm already ranting... can't imagine what I'll be like around 
>> noon after my 4th... ;)
>>     
>
> I of course agree with both of you. A firewall is a firewall .... a.s.o.
> => no services on it. 
> But that's not the question.
> The question is that I have got an smtpd before a smtpd+sa+ms+av. Of
> course the smtpd is protected by a transparent L3/4 packet filter.
> Generally, I can't break this setup. Still I'm looking for a solution
> whether mails a) could be sent transparently through the smtpd to the
> antispam gw (transparently = leaves no trace in the email's header), b)
> SA can be told that it should ignore the smtpd's received:from header,
> c) MailScanner can cut the particular received:from header before mails
> get injected into SA or d) ...your idea...
>
> Many people use a smtp proxy to protect their SA box. I want to make
> sure that the SA box doesn't learn that the smtp proxy sometimes sends
> crap. That's why the received:from header must be ignored, cut,
> whatever.
>
> Thanks so far for your answers
>
>
> Philipp

-- 

Alex Neuman van der Hans
N&K Technology Consultants
Tel. +507 214-9002 - http://nkpanama.com/
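
An added example, not part of the original post and not code from MailScanner or SpamAssassin: a Python check that lists scanner-added headers in a message that have no matching bayes_ignore_header line in a .cf file. It assumes one header name per directive, matched by exact name and case-insensitively; the function names, sample config and sample message are constructed for illustration.

```python
import email
import re

# Constructed .cf fragment using the placeholder header names from the post.
SAMPLE_CF = """\
# headers added by our own scanner
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck
"""

# Constructed message as it might look after passing the scanner.
SAMPLE_MSG = """\
Received: from frontend.example.org by gw.example.org; Mon, 13 Feb 2006 18:00:00 +0000
X-YOURDOMAIN-COM-MailScanner: Found to be clean
X-YOURDOMAIN-COM-MailScanner-SpamCheck: not spam
X-YOURDOMAIN-COM-MailScanner-SpamScore: ss
X-YOURDOMAIN-COM-MailScanner-Information: Please contact the ISP
Subject: test

body
"""


def ignored_headers(cf_text):
    """Return the lower-cased header names listed in bayes_ignore_header lines."""
    names = set()
    for line in cf_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(parts) >= 2 and parts[0].lower() == "bayes_ignore_header":
            names.add(parts[1].rstrip(":").lower())
    return names


def uncovered_headers(msg_text, cf_text, name_pattern):
    """List headers matching name_pattern that no bayes_ignore_header covers."""
    ignored = ignored_headers(cf_text)
    msg = email.message_from_string(msg_text)
    missing = []
    for name in msg.keys():
        if (re.match(name_pattern, name, re.IGNORECASE)
                and name.lower() not in ignored and name not in missing):
            missing.append(name)
    return missing


if __name__ == "__main__":
    for header in uncovered_headers(SAMPLE_MSG, SAMPLE_CF, r"X-.*-MailScanner"):
        print("bayes_ignore_header", header)
```

The printed lines can be pasted into the .cf file as the missing directives.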
