Thanks for previous answers + How to stop "cascading" MailScanners from multiple scans?

Julian Field MailScanner at ecs.soton.ac.uk
Thu Jul 19 18:49:57 IST 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

That's not how the new watermarking code works. It only affects messages 
with no sender address, i.e. delivery errors. Read the new version of 
the docs at
http://www.mailscanner.info/MailScanner.conf.index.html
and you will see what it actually does.

Jules.

UxBoD wrote:
> If using the latest release, with watermark, then as long as the SECRET is the same of each node will it not pass through without being scanned?
> ----- Original Message -----
> From: "Alistair Carmichael" <Alistair.Carmichael at ntltravel.com>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: Wednesday, July 18, 2007 5:00:27 PM (GMT) Europe/London
> Subject: RE: Thanks for previous answers + How to stop "cascading" MailScanners from multiple scans?
>
>   
>> Every part of an email message can be forged. If MailScanner had a 
>> facility whereby the scanning process could be skipped if a certain 
>> element (e.g. a header) was present, it would be trivial for the 
>> spammers and virus-writers to bypass MailScanner.
>>
>> So no, you can't do this. And no, you shouldn't try to :-)
>>
>> The headers are constructed and managed so that multiple MailScanners 
>> leave a tidy trail behind them. We can have messages in our system
>>     
> which 
>   
>> might be scanned by 4 different MailScanner servers quite easily, if a
>>     
>
>   
>> campus address (2 servers) is .forward-ed to a department address,
>>     
> which 
>   
>> takes it through 2 more (MX and delivery servers).
>>
>> Jules
>>
>> - -- 
>> Julian Field MEng CITP
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>>
>> Need help customising MailScanner?
>> Contact me!
>> Need help fixing or optimising your systems?
>> Contact me!
>> Need help getting you started solving new requirements from your boss?
>> Contact me!
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>     
>
> What about if the sendmail MTA that collects and delivers messages after
> being scanned (normally from /var/spool/mqueue) is configured to listen
> on an alternative TCP port, then set up nat policies either with
> iptables or your own firewall on each of the server so traffic destined
> for port 25 to the other mailscanner servers is translated to your
> alternative port (this alternative port would also be firewalled to the
> rest of the internet to avoid any spammers tracking this down.
> Our situation we have multiple mailscanners and often mail will go
> through lots of scanners especially when being forwarded but haven't ran
> into any issues with this.
>
> Al
>
> This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>   

Jules

- -- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)
Charset: UTF-8

wj8DBQFGn6RGEfZZRxQVtlQRAldLAJ9FABBTOOVBwHnrPbiUXN0k3Kqc2wCfZwJp
RVbV2Crl8kGWMxB+EwSbM7A=
=zx5V
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk

More information about the MailScanner mailing list