Ruleset Woe {Scanned by Allteks Mailsafe}

[Paul Houselander]

>
> Paul Houselander wrote:
>
> > I have a script that runs on a server that sends a daily csv
> file containing
> > info about all the mail thats been blocked for a particluar domain.
> >
> > Since I started using the sane security clam definitions this mail keeps
> > getting flagged as a virus.
> >
> > Ive tried to use rulesets to exclude this particluar email from
> being virus
> > checked
>
> What information did you get from the message headers?
> What information did you get fom the logs?
>
> These 2 should give you a better insight how a message was handled.
>
> And never forget that whatever happens to be on the To: or From: line
> may not be at all what is used to deliver the message. So your rules may
> not work the way you think because you might be looking at the wrong
> addresses.
>
> Think of it as snailmail. The postman only looks at the envelope to
> deliver the message. MailScanner is the bastard in the middle that scans
> the same envelopes and decides who is going to read the messages besides
> you. That is where your rules come to play.
>
> Like this one passes the CIA and the FBI. The next one one we do not
> touch. The third one is looked at by the CIA and DEA. And so on.
>
> Hugo.
>

Thanks for the reply, ive reviewed the headers and they show the To: address
the same as the one im using in the ruleset. The log shows the same "To"
address and also 127.0.0.1 as the relaying host.

Im at a loss as to what to try next, it looks pretty straight forward

FromOrTo:	default 	no
From:	127.0.0.1	no
From: admin at domain.com	no
To:	*@differentdomain.com	yes

I just cant see why its still scanning the message, I changed the To address
to an external address not dealt with on my system and the mail went through
without being scanned so its picking up on the To address even though I said
anything From admin at domain.com should not be scanned!

Any other ideals?

CHeers

Paul