Ruleset for Quarantine Infections

Pascal Maes pascal.maes at elec.ucl.ac.be
Thu Dec 20 17:37:38 GMT 2007 

Le 20-déc.-07 à 14:34, Glenn Steen a écrit :

>> [...]
>> Hello,
>>
>>
>> I have followed the instructions from <http://www.mailscanner.info/postfix.html
>>>
>> bu we have also an before-queue filter (clamsmtp) that could explain
>> why the mail is coming from our server.
>>
>> I have changed the way tat the message is re-inected into postfix  
>> from
>> clamsmtp.
>> Now we have :
>>
>> # postcat 98B581C5CE2
>> *** ENVELOPE RECORDS 98B581C5CE2 ***
>> message_size:            2970             545
>> 1               0            2970
>> message_arrival_time: Thu Dec 20 11:02:02 2007
>> create_time: Thu Dec 20 11:02:02 2007
>> named_attribute: rewrite_context=remote
>> sender:
>> named_attribute: log_client_address=212.35.125.182
>> named_attribute: log_message_origin=unknown[212.35.125.182]
>> named_attribute: log_helo_name=web3.e-zone.net
>> named_attribute: log_protocol_name=ESMTP
>> named_attribute: client_name=localhost.localdomain
>> named_attribute: reverse_client_name=localhost.localdomain
>> named_attribute: client_address=127.0.0.1
>> named_attribute: helo_name=smtp3.sgsi.ucl.ac.be
>> named_attribute: client_address_type=2
>> named_attribute: dsn_orig_rcpt=rfc822;pascal.maes at uclouvain.be
>> original_recipient: pascal.maes at uclouvain.be
>> recipient: pascal.maes at uclouvain.be
>> *** MESSAGE CONTENTS 98B581C5CE2 ***
>> [...]
>>
> Looking good so far:-).
>
>>
>> And the message is still put in quarantine !
>
> What reason is given? The same?
>
> If you try the setting with the MailScanner command, does it return
> the expected result?
> MailScanner --value=quarantineinfections --ip=212.35.125.182
> ... or similar, what do you get?
>
> Cheers
> -- 
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se

Tha's what I get :

./MailScanner --value=quarantineinfections --ip=212.35.125.182
Looked up internal option name "quarantineinfections"
With sender =
Client IP = 212.35.125.182
Virus =
Result is "0"

0=No 1=Yes



Seems good.
--
Pascal



--
Pascal

More information about the MailScanner mailing list