Strange scenario with Mailscanner + Sendmail
Luis Marcelo Achite
lmachite00 at yahoo.com.br
Tue May 22 18:44:13 IST 2007
Hi,
I´m using Mailscanner with Sendmail to block spam on my network. On the
last days, some strange issue began to happen. Mailscanner is liberating
spam and saying that the email is on the whitelist. The fact is that the
message IS SPAM and the email IS NOT on the whitelist file.
Looking on the log and following the processes, I can see that on the
first reference of the message, it is showing the correct external
email, but when Mailscanner acts, it is showing that the user is on the
whitelist. Checking the header of the message, I can see that
"X-IAIBR1-MailScanner-From" has the correct email, but "From" (and
"X-Originating-Email" and "X-Sender") has an internal email, which is
obviously on the whitelist.
I suppose the spammer found a way to modify these fields and deceive
Mailscanner.
How can I protect my network from this kind of attack?
Thanks in advance for any information on this.
Regards.
Marcelo
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list