query regarding qurantine release

Mail Administrator mailadmin at baladia.gov.kw
Tue Sep 11 16:06:05 IST 2007 

> Mail Administrator spake the following on 9/4/2007 2:07 PM:
>>> How does your webmail send the mail?
>>> Does it make a smtp connection or run sendmail locally?
>>>
>>> If it makes a SMTP connection then you could probably configure it to
>>> connect to the servers real IP address and not 127.0.0.1 and then it
>>> should
>>> work.
>>>
>>
>> Thanks for ur quick reply
>> really appreciate
>>
>> sendmail runs locally
>>
>> here my mail log when i send a message for more info.
>>
>> ----------------------------------------
>>
>> ep  5 00:03:07 kmdns1 sendmail[32523]: l84L36FM032523:
>> from=simon at kmun.gov.kw, size=652, class=0, nrcpts=1,
>> msgid=<3964.62.150.152.226.1188939786.squirrel at webmail.baladia.gov.kw>,
>> relay=apache at localhost
>> Sep  5 00:03:07 kmdns1 sendmail[32524]: l84L37UE032524:
>> from=<simon at kmun.gov.kw>, size=877, class=0, nrcpts=1,
>> msgid=<3964.62.150.152.226.1188939786.squirrel at webmail.baladia.gov.kw>,
>> proto=ESMTP, daemon=MTA, relay=kmdns1.kmun.gov.kw [127.0.0.1]
>> Sep  5 00:03:07 kmdns1 sendmail[32524]: l84L37UE032524:
>> to=<guy20034u at yahoo.com>, delay=00:00:00, mailer=esmtp, pri=30877,
>> stat=queued
>>
>> ------------------------------------
>>
>> 62.150.152.226 is a ip of my machine
>>
>> since my sendmail runs locally on ip 127.0.0.1 how could i go arround
>> solving this problem .
>> apprecite your help
>>
>> regards
>>
>> simon
>>
>>
>>
>>>> -----Original Message-----
>>>> From: mailscanner-bounces at lists.mailscanner.info
>>>> [mailto:mailscanner-bounces at lists.mailscanner.info]On Behalf Of
>>>> Mail Administrator
>>>> Sent: 04 September 2007 21:28
>>>> To: MailScanner discussion
>>>> Subject: query regarding qurantine release
>>>>
>>>>
>>>> Dear All,
>>>>
>>>>
>>>> I have the following setup on my server
>>>>
>>>> 1) Centos
>>>> Primary Mail server
>>>> Primary dns server
>>>> Mailscanner
>>>> Webmail server
>>>>
>>>> most of the users use their browser to login to the above server for
>>>> sending and checking their mails
>>>> everything is been workin perfectly
>>>>
>>>> i installed mailwatch so that i could release quarantine mails at
>>>> my decision
>>>>
>>>> i then followed the exact steps as mentioned in the FAQ
>>>>
>>>> http://mailwatch.sourceforge.net/doku.php?id=mailwatch:faq
>>>>
>>>> and now i tried to test
>>>>
>>>> i sent a mail with attachment from my Yahoo account to my local mail
>>>> server and it was blocked my mailscanner whcih is perfect
>>>> n i logged in mailwatch and i could release the attachment and after i
>>>> released if went perfectly to my mailbox. thats grt
>>>>
>>>> now i sent a mail with attachemnt from my local account using webmail
>>>> to
>>>> my yahoo account and it went perfectly fine
>>>>
>>>> and in my mailwatch details ..
>>>> status as whitelist
>>>> spam score 0.00
>>>>
>>>> since 127.0.0.1 is white listed as per the rules..
>>>>
>>>> So i see that Mailscanner n mailwatch works jus perfect for the mails
>>>> received its grt
>>>>
>>>> but i have queries regading mail sent by users using the browser
>>>> with webmail
>>>>
>>>> 1) does mailscanner do a virus n spam check on the mails sent since i
>>>> see
>>>> in mailwatch the status is
>>>>
>>>> status as whitelist
>>>> spam score 0.00
>>>> cause if this does not happen then the users pc inefcted will cause
>>>> the
>>>> mail server to spam or send infected mails out
>>>>
>>>> 2) obviously i would like mailscanner to scan and block any
>>>> attachments
>>>> sent by my users via webmail and they should only be sent when
>>>> released
>>>> from quarantine with mailwatch
>>>>
>>>> how do i the above .. setup rules for doin that
>>>>
>>>> basically i see that after i implemented the steps in FAQ regarding
>>>> the
>>>> release of quarantine mails i see that it works perfect for mails with
>>>> attachment received and not for mails sent
>>>>
>>>>
>>>> really wd apprecite your help
>>>>
>>>>
>>>> Regards
>>>>
>>>> Simon
> In your conf.php in the mailwatch directory you have a setting like;
> define(QUARANTINE_FROM_ADDR, 'postmaster');
>
> Change all the rules to have From: 127.0.0.1 and From:
> postmaster at localhost no
> (notice the "and From:" part)
>
> Change postmaster to what you have in your conf.php.
> This way it will only whitelist messages that match "both" choices, which
> your
> webmail users won't hit.


Dear Scott,

i have been tryin ur sugestions and tryed chnging the rukes and testing
with no luck

wht i have achieved is this


if i send a mail from my rediffmail or yahoo account with an attachment to
my local account the attachment is blocked and then when i log into
mailwatch and release the attachment it is realeased perfectly and goes to
my inbox
which is absolutely correct n wht i want

now if from my local account i send mail with attachment to my yahoo
account the attachment is blocked which is perfect
now i would like to release it so when i log into mailwatch n try to
release it i get a message saying it is released by the new user i created
n defined in conf.php .
but i see in the maillogs that it been blocked again
here below
------------------------------------------------------

kmdns1 sendmail[17217]: l8BEYeJ2017217: from=<mailmanager at localhost>,
size=153473, class=0, nrcpts=1,
msgid=<200709111434.l8BEYeJ2017217 at kmdns1.kmun.gov.kw>, proto=ESMTP,
daemon=MTA, relay=kmdns1.kmun.gov.kw [127.0.0.1]
Sep 11 17:34:41 kmdns1 sendmail[17217]: l8BEYeJ2017217:
to=<sylvan_2804 at rediffmail.com>, delay=00:00:00, mailer=esmtp, pri=183473,
stat=queued
Sep 11 17:34:41 kmdns1 MailScanner[16792]: New Batch: Scanning 1 messages,
154073 bytes
Sep 11 17:34:41 kmdns1 MailScanner[16792]: Message l8BEYeJ2017217 from
127.0.0.1 (mailmanager at localhost) to rediffmail.com is too big for spam
checks (154073 > 150000 bytes)
Sep 11 17:34:41 kmdns1 MailScanner[16792]: Virus and Content Scanning:
Starting
Sep 11 17:34:44 kmdns1 MailScanner[16792]: Filename Checks: Blocked
Filename Detected (l8BEYeJ2017217 bpftp241.exe)
Sep 11 17:34:44 kmdns1 MailScanner[16792]: Filename Checks: Blocked
Filetype Detected (l8BEYeJ2017217 bpftp241.exe)

apprecite your kind help

mailmanager is the user i have created n specifies in conf.php

regards

Benedict



>
> --
>
> MailScanner is like deodorant...
> You hope everybody uses it, and
> you notice quickly if they don't!!!!
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>


-- 
Network ADMIN:

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list