Could not analyze message

Julian Field MailScanner at ecs.soton.ac.uk
Thu Nov 2 19:46:45 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Mike Kercher wrote:
> mailscanner-bounces at lists.mailscanner.info <> scribbled on :
>
>   
>> Hi
>>
>> I have a customer who cant recieve an email from a certain
>> domain, the message is quarantined with a quarantine report
>> showing "Could not analyze message".
>>
>> The email is very basic, plain text with no attachments.
>>
>> I tried to get around this by using the Scan Messages ruleset
>>
>> Scan Messages = %rule-dir%/scan.messages.rules
>>
>> and set the following in scan.messages.rules
>>
>> FromOrTo:	default	no
>> From:	domaina.com	no
>> FromTo:	mycustomer.com	yes
>>
>> where domaina.com is the domain sending the email being
>> blocked and mycustomer.com is the domain recieving. However
>> the message is still being quarantined.
>>
>> Can anyone advise what can cause the "Could not analyze
>> message"? or why my ruleset setup is not working?
>>
>> Kind Regards
>>
>> Paul
>>     
>
> Your ruleset should look like this:
>
> From:		domaina.com		no
> FromTo:	mycustomer.com	no
> FromOrTo:	default		yes
>
> The way your ruleset is currently, it is matching on the default entry
> FIRST
>   
That won't help, it doesn't matter where the "default" rule is.

I would suspect that the envelope sender address is 
something.domaina.com and not just domaina.com. Use the "Add Envelope 
 From Header" and "Add Envelope To Header" to check the real sender and 
recipient addresses. You can't just use the From: and To: headers, as 
they often aren't the same as the real envelope details at all.

> Mike
>   

Jules

- -- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk



-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.0 (Build 1112)
Comment: Fetch my public key foot-print from www.mailscanner.info
Charset: ISO-8859-1

wj8DBQFFSkwnEfZZRxQVtlQRAnFoAJwJbGsliEOvSB6L4IZuV8ippJeqRwCfecoB
r1SE+3sBCnd+JKONa1yrSjA=
=1kMM
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk



More information about the MailScanner mailing list