AW: whitelist_to getting exploited

Ohlenmacher, Olaf Olaf.Ohlenmacher at colt.net
Tue Jan 2 16:41:51 CET 2007 

Hi to all,

> -----Ursprüngliche Nachricht-----
> Von: mailscanner-bounces at lists.mailscanner.info 
> [mailto:mailscanner-bounces at lists.mailscanner.info] Im 
> Auftrag von Ramprasad
> Gesendet: Freitag, 29. Dezember 2006 08:16
> An: mailscanner at lists.mailscanner.info
> Betreff: whitelist_to getting exploited
> 
> 
> In our setup where we do email scanning for our clients we 
> have a feature by which clients can opt-out some ids from spamscan 
> 
> So I use in Mailscanner.conf
> 
> Spam Checks = spamcheck.rules
> 
> This file has 
> 
> To: user-1 NO
> default YES
> 
> Now a spammer marks a mail to multiple people with user-1  in 
> BCC and the mail passes straight 
> How can I get rid of this problem. If I use the 
> user_in_whitelist_to feature at spamassassin then too I would 
> have the same issue 

Configure your MTA to singularise the Mail first. How to to that depends on the MTA you are using.

Because MailScanner is not an MTA (and it should not behave like one) it can not split a mail depending on recipients and rules. That's a job for your MTA. Just configure it to save them as individual mails into the incoming queue.

@Ram: just call me under COLT 8-491-7825

Regards, 
  Olf

PS:
No i can not truncate the annoying appandage :-(


*************************************************************************************
The message is intended for the named addressee only and may not be disclosed to or used by anyone else, nor may it be copied in any way. 

The contents of this message and its attachments are confidential and may also be subject to legal privilege.  If you are not the named addressee and/or have received this message in error, please advise us by e-mailing security at colt.net and delete the message and any attachments without retaining any copies. 

Internet communications are not secure and COLT does not accept responsibility for this message, its contents nor responsibility for any viruses. 

No contracts can be created or varied on behalf of COLT Telecommunications, its subsidiaries or affiliates ("COLT") and any other party by email Communications unless expressly agreed in writing with such other party.  

Please note that incoming emails will be automatically scanned to eliminate potential viruses and unsolicited promotional emails. For more information refer to www.colt.net or contact us on +44(0)20 7390 3900.

More information about the MailScanner mailing list