Ruleset Woe {Scanned by Allteks Mailsafe}

Scott Silva ssilva at sgvwater.com
Tue Oct 16 16:05:57 IST 2007 

on 10/16/2007 4:16 AM Paul Houselander spake the following:
>> Paul Houselander wrote:
>>
>>> I have a script that runs on a server that sends a daily csv
>> file containing
>>> info about all the mail thats been blocked for a particluar domain.
>>>
>>> Since I started using the sane security clam definitions this mail keeps
>>> getting flagged as a virus.
>>>
>>> Ive tried to use rulesets to exclude this particluar email from
>> being virus
>>> checked
>> What information did you get from the message headers?
>> What information did you get fom the logs?
>>
>> These 2 should give you a better insight how a message was handled.
>>
>> And never forget that whatever happens to be on the To: or From: line
>> may not be at all what is used to deliver the message. So your rules may
>> not work the way you think because you might be looking at the wrong
>> addresses.
>>
>> Think of it as snailmail. The postman only looks at the envelope to
>> deliver the message. MailScanner is the bastard in the middle that scans
>> the same envelopes and decides who is going to read the messages besides
>> you. That is where your rules come to play.
>>
>> Like this one passes the CIA and the FBI. The next one one we do not
>> touch. The third one is looked at by the CIA and DEA. And so on.
>>
>> Hugo.
>>
> 
> Thanks for the reply, ive reviewed the headers and they show the To: address
> the same as the one im using in the ruleset. The log shows the same "To"
> address and also 127.0.0.1 as the relaying host.
> 
> Im at a loss as to what to try next, it looks pretty straight forward
> 
> FromOrTo:	default 	no
> From:	127.0.0.1	no
> From: admin at domain.com	no
> To:	*@differentdomain.com	yes
> 
> I just cant see why its still scanning the message, I changed the To address
> to an external address not dealt with on my system and the mail went through
> without being scanned so its picking up on the To address even though I said
> anything From admin at domain.com should not be scanned!
> 
> Any other ideals?
> 
> CHeers
> 
> Paul
> 
> 
You can set MailScanner to set headers for the envelope address. It can help 
you to see what MailScanner actually works on.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

More information about the MailScanner mailing list