Ruleset for Quarantine Infections

Pascal Maes pascal.maes at elec.ucl.ac.be
Tue Dec 18 16:33:29 GMT 2007 

Hello,


This mail is related to the thread "MailScanner could not analyze some  
mails".

As it seems that all the messages which cannot be analyzed come from  
the same servers,
I try to create a ruleset for the Quanrantine Infections :

Quarantine Infections = %rules-dir%/quarantine.rules # was yes


In the file quarantine.rules, I have :

#
# Quarantine Infections
#

# mail.register.be
#
From:		212.35.125.			no
From:		/e-zone\.net/			no

FromOrTo:	default				yes



But today, I still have a mail which has been put in quarantine.
The "postcat" of the file gives :

# postcat 4B600EFB74
*** ENVELOPE RECORDS 4B600EFB74 ***
message_size:            3440             586                
1               0            3440
message_arrival_time: Tue Dec 18 12:17:17 2007
create_time: Tue Dec 18 12:17:17 2007
named_attribute: rewrite_context=local
sender:
named_attribute: log_client_name=localhost.localdomain
named_attribute: log_client_address=127.0.0.1
named_attribute: log_message_origin=localhost.localdomain[127.0.0.1]
named_attribute: log_helo_name=smtp4.sgsi.ucl.ac.be
named_attribute: log_protocol_name=ESMTP
named_attribute: client_name=localhost.localdomain
named_attribute: reverse_client_name=localhost.localdomain
named_attribute: client_address=127.0.0.1
named_attribute: helo_name=smtp4.sgsi.ucl.ac.be
named_attribute: client_address_type=2
named_attribute: dsn_orig_rcpt=rfc822;autenne at cpdr.ucl.ac.be
original_recipient: autenne at cpdr.ucl.ac.be
recipient: autenne at cpdr.ucl.ac.be
*** MESSAGE CONTENTS 4B600EFB74 ***
Received: from smtp4.sgsi.ucl.ac.be (localhost.localdomain [127.0.0.1])
	by smtp4.sgsi.ucl.ac.be (Postfix) with ESMTP id 4B600EFB74
	for <autenne at cpdr.ucl.ac.be>; Tue, 18 Dec 2007 12:17:17 +0100 (CET)
Received: from mail5.e-zone.net (unknown [212.35.125.179])
	by smtp4.sgsi.ucl.ac.be (Postfix) with ESMTP
	for <autenne at cpdr.ucl.ac.be>; Tue, 18 Dec 2007 12:17:17 +0100 (CET)
Message-Id: <B0079261542 at mail5.e-zone.net>
Date: Tue, 18 Dec 2007 12:17:05 +0100


What's wrong with the quarantine ruleset ?

Thanks
--
Pascal

More information about the MailScanner mailing list