Thanks for previous answers + How to stop "cascading" MailScanners from multiple scans?

Alistair Carmichael Alistair.Carmichael at ntltravel.com
Wed Jul 18 17:00:27 IST 2007


> Every part of an email message can be forged. If MailScanner had a 
> facility whereby the scanning process could be skipped if a certain 
> element (e.g. a header) was present, it would be trivial for the 
> spammers and virus-writers to bypass MailScanner.
>
> So no, you can't do this. And no, you shouldn't try to :-)
>
> The headers are constructed and managed so that multiple MailScanners 
> leave a tidy trail behind them. We can have messages in our system
which 
> might be scanned by 4 different MailScanner servers quite easily, if a

> campus address (2 servers) is .forward-ed to a department address,
which 
> takes it through 2 more (MX and delivery servers).
>
> Jules
>
> - -- 
> Julian Field MEng CITP
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

What about if the sendmail MTA that collects and delivers messages after
being scanned (normally from /var/spool/mqueue) is configured to listen
on an alternative TCP port, then set up nat policies either with
iptables or your own firewall on each of the server so traffic destined
for port 25 to the other mailscanner servers is translated to your
alternative port (this alternative port would also be firewalled to the
rest of the internet to avoid any spammers tracking this down.
Our situation we have multiple mailscanners and often mail will go
through lots of scanners especially when being forwarded but haven't ran
into any issues with this.

Al

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.


More information about the MailScanner mailing list