Only scan mail from external networks through mailscanner

Julian Field MailScanner at ecs.soton.ac.uk
Thu Apr 10 11:53:38 IST 2008


Do this with a ruleset on "Scan Messages" to ignore the IP addresses 
from your data centre. Looking for things in Received: headers is dodgy 
as I can force a mail to your system to not be scanned by merely including
Received: by mailscanner
anywhere in the headers.
And you've just told all the spammers that's how to avoid your MailScanner.

Norbert Schmidt wrote:
> _Hi everybody,
>
> our current setup is using a gateway mailserver that is receiving
> external mail and mail from our internal networks (like mail from the
> datacenter) and routes them to our mailscanner servers.
> As there are a lot of time critical alert mails comming from the
> datacenter  I am looking for a way to not scan them on the mailscanners
> but rather directly send them to the internal groupware servers.
> We are using a postfix setup, thus we are using the header_checks to put
> the mail into the hold queue.
> mailscanner1:~# cat /etc/postfix/header_checks
> /^Received:.by.mailscanner/     IGNORE
> /^Received:/ HOLD
>
> I've tried to add this line to the header_checks:
> /^Received:.*\.ourdomain\.com/       DUNNO
>
> Which worked somehow to good, as all mail went around the mailscanner
> (our gateway servers are using: mail1.ourdomain.com and mail2.ourdomain.com)
>
> I was thinking of a line like:  If IP in header is not one of mine then HOLD
>
> Do you have any idea on how this could be aquired or do you have a
> better way to solve this??
>
> Regards
>
> Norbert
> _
>
>   

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list