Help with large message / blacklists bypassed

Glenn Steen glenn.steen at gmail.com
Wed Aug 1 14:51:15 IST 2007 

On 01/08/07, am.lists <am.lists at gmail.com> wrote:
> OK. I admit that I may be in panic mode and not thinking this thorugh
> as completley as I would otherwise.
>
> Standard support disclosure; Linux + Postfix 2.2.2+ MailScanner 4.58.9
> (<-- I know, slacker), ClamAV (0.90.3).
>
> One of my users is the recipient on an email message that is
> apparently stuck in the sending MTA's outbound queue. For whatever
> reason, their MTA has shipped me over 3000 copies of the identical
> piece of mail.
>
> Problem on my side is that it's a 670KB message (has a lot of images
> attached) and I seem to be ineffective at blocking it and this guy's
> mailbox keeps getting clogged up. Not to mention how this guy feels
> each time his Outlook client goes out and tries to fetch 10 copies of
> a 670KB message. He's getting no work done, essentially.
>
> My process:
>
> (1) I didn't want to block everything from this particular sender --
> it's not his fault, obviously, so I looked for a unique string within
> the message and created a custom SA rule (50 points) to kick it into
> definite spam. I'd really like to strangle the mail admin on the
> otherside, but I can't quite reach him from here. :-)
>
> Result: Message too large (I hadn't noticed that detail before) so it
> skips it with the spam report saying simply "too large"
(A sort of ...) Solution: Up your Scan and SPamAssassin Size limits in
MailScanner.conf ... Don't forget to restart/reload MS to take effect.

> (2) Blacklist by sender -- added to MailScanner/MailWatch via the
> black/white page. The sender and recipient are fully stated.
>
> Result: No Effect. ??? I'm confounded by this. I thought blacks/whites
> were still checked here.
>
> (3) Added the sender name to my spam.blacklists.rules file, relevant
> lines below:
>
> # spam.blacklists.rules file
> # edited at edited.org problem
> From:   edited at edited.org                               yes
> # Never set this to yes.
> FromOrTo:       default                 no
>
> Result: Still no effect.  Messages, all 100 or so of them this
> morning, are coming thorugh just fine.
>
And you did remember to restart MailScanner after those changes? That
will affect the MW SQL B/W-list too, sort of;-).

> Where to look / what to do next on this?
>
> Thanks,
> Angelo

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list