Help with large message / blacklists bypassed

am.lists am.lists at
Wed Aug 1 14:21:24 IST 2007

OK. I admit that I may be in panic mode and not thinking this through
as completely as I would otherwise.

Standard support disclosure; Linux + Postfix 2.2.2+ MailScanner 4.58.9
(<-- I know, slacker), ClamAV (0.90.3).

One of my users is the recipient on an email message that is
apparently stuck in the sending MTA's outbound queue. For whatever
reason, their MTA has shipped me over 3000 copies of the identical
piece of mail.

Problem on my side is that it's a 670KB message (has a lot of images
attached) and I seem to be ineffective at blocking it and this guy's
mailbox keeps getting clogged up. Not to mention how this guy feels
each time his Outlook client goes out and tries to fetch 10 copies of
a 670KB message. He's getting no work done, essentially.

My process:

(1) I didn't want to block everything from this particular sender --
it's not his fault, obviously, so I looked for a unique string within
the message and created a custom SA rule (50 points) to kick it into
definite spam. I'd really like to strangle the mail admin on the
other side, but I can't quite reach him from here. :-)

Result: Message too large (I hadn't noticed that detail before) so it
skips it with the spam report saying simply "too large"

(2) Blacklist by sender -- added to MailScanner/MailWatch via the
black/white page. The sender and recipient are fully stated.

Result: No Effect. ??? I'm confounded by this. I thought blacks/whites
were still checked here.

(3) Added the sender name to my spam.blacklists.rules file, relevant
lines below:

# spam.blacklists.rules file
# edited at problem
From:	edited at				yes
# Never set this to yes.
FromOrTo:	default			no

Result: Still no effect.  Messages, all 100 or so of them this
morning, are coming through just fine.

Where to look / what to do next on this?

