Thanks for previous answers + How to stop "cascading" MailScanners from multiple scans?

UxBoD uxbod at splatnix.net
Wed Jul 18 19:55:40 IST 2007


If using the latest release, with watermark, then as long as the SECRET is the same of each node will it not pass through without being scanned?
----- Original Message -----
From: "Alistair Carmichael" <Alistair.Carmichael at ntltravel.com>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Wednesday, July 18, 2007 5:00:27 PM (GMT) Europe/London
Subject: RE: Thanks for previous answers + How to stop "cascading" MailScanners from multiple scans?

> Every part of an email message can be forged. If MailScanner had a 
> facility whereby the scanning process could be skipped if a certain 
> element (e.g. a header) was present, it would be trivial for the 
> spammers and virus-writers to bypass MailScanner.
>
> So no, you can't do this. And no, you shouldn't try to :-)
>
> The headers are constructed and managed so that multiple MailScanners 
> leave a tidy trail behind them. We can have messages in our system
which 
> might be scanned by 4 different MailScanner servers quite easily, if a

> campus address (2 servers) is .forward-ed to a department address,
which 
> takes it through 2 more (MX and delivery servers).
>
> Jules
>
> - -- 
> Julian Field MEng CITP
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

What about if the sendmail MTA that collects and delivers messages after
being scanned (normally from /var/spool/mqueue) is configured to listen
on an alternative TCP port, then set up nat policies either with
iptables or your own firewall on each of the server so traffic destined
for port 25 to the other mailscanner servers is translated to your
alternative port (this alternative port would also be firewalled to the
rest of the internet to avoid any spammers tracking this down.
Our situation we have multiple mailscanners and often mail will go
through lots of scanners especially when being forwarded but haven't ran
into any issues with this.

Al

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list