Detecting forwarded spam

[Martin.Hepworth]

Daniel

We had a similar situation a few years back (3?).

The X-MailScanner headers could be used as trust mechanism - ie it's got
the "X-MailScanner: Found to be clean", so we'll trust that and allow
the email through.

Now the virus writers found out about this and inserted this header into
the emails they send out, in order to circumvent MailScanner doing
checks on the email. Jules had to rush a new release quickly where the
%org-name% was inserted into the headers to try and make this a little
unique, so there was some chance of the header being actually inserted
by MS. Can't see anything in the changelog, but it was around version
4.22 from memory

*IF* you trust this you may hold yourself open to false positives, ie
just because someone else's system says its spam doesn't mean yours
will.


--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Michael Masse
> Sent: 15 May 2007 18:21
> To: <MailScanner discussion
> Subject: Detecting forwarded spam
>
> Is there a way for MailScanner to detect if a forwarded message has
> already been detected as spam by another system, therefore not needing
to
> run it's own spam check?
>
> We have a large number of users who used to use a separate email
provider
> and they now just have that email forwarded to their account here.
> Their old system detects spam and creates a header entry like:
> X-Spam-Report: IsSpam=yes
>
> Right now our system just ignores that, so I was wondering if I can
get
> our Mailscanner to take this into account and not bother with
spamassassin
> checks if it sees this in the header?     I'm sure I could make a
> spamassassin rule to assign points if it saw this, but the whole point
is
> to not have to get spamassassin involved.
>
> Is this possible, or should I just stick with a spamassassin rule?
>
> Mike
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.

Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.

Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 

Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************