watermarking to bypass content scanning?

Martin.Hepworth martinh at solidstatelogic.com
Fri Apr 18 13:41:03 IST 2008 

Kit

I'd suggest reply to's should be scanned as well..there was a research paper from last year where they suggested harvesting the email's and replying to them in order to get around whitelist/blacklists etc.

If you don't scan replies then you're open to all sorts of risks.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Kit Wong
> Sent: 18 April 2008 11:52
> To: MailScanner discussion
> Subject: RE: watermarking to bypass content scanning?
>
> Hi Martin
>
> Thanks for that. I already have it setup to not scan any "server
> generate emails" and any whitelisted ip addresses.
> I have 90% of users use the server to relay emails. Their ip addresses
> are whitelisted, which by pass any scanning. Its just the emails that
> users receive that are scanned along with reply emails.
>
> EG. User from my server a at myserver.com sends to another server
> b at anotheruser.com then b at anotheruser.com 's reply should bypass
> mailscanner also.
>
> I just find it unnecessary especially of the original email have a
> watermark in.
>
> Kit
>
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
> Martin.Hepworth
> Sent: 18 April 2008 11:24
> To: MailScanner discussion
> Subject: RE: watermarking to bypass content scanning?
>
> Kit
>
> The heaviest bit of scanning is the spamassassin stuff.
>
> If you create a rule that says don't spam scan on internal emails going
> out you'll achieve the same thing, but still virus scan etc.
>
> In MailScanner.conf..
>
> Spam Checks = %rules-dir%/spam.rules
>
> In spam.rules, something like..
>
> From:        10.1.1.26                no
> FromOrTo:    default                 yes
>
> Where 10.1.1.26 is the ip-address of the email server...
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> > -----Original Message-----
> > From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> > bounces at lists.mailscanner.info] On Behalf Of Kit Wong
> > Sent: 18 April 2008 10:56
> > To: mailscanner at lists.mailscanner.info
> > Subject: watermarking to bypass content scanning?
> >
> > Hi All
> >
> > I have just upgraded to the latest MS 4.68.8-1 hoping to use the
> > Watermarking feature to bypass MS content scanning on reply emails
> sent
> > out by users on our server.  I have enabled Watermarking and its all
> > there (I can see it in the headers).
> >
> > I have just read that watermarking is not used for checking reply
> emails
> > but for multiple MailScanner to pass emails between themselves without
> > rescanning everything.
> >
> > I was just wondering whether there is a way of writing a ruleset to
> > sieve out emails with watermarks on to bypass MS content scanning?
> >
> > Kind Regards
> >
> > Kit Wong
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
>
>
>
>
> **********************************************************************
> Confidentiality : This e-mail and any attachments are intended for the
> addressee only and may be confidential. If they come to you in error
> you must take no action based on them, nor must you copy or show them
> to anyone. Please advise the sender by replying to this e-mail
> immediately and then delete the original from your computer.
> Opinion : Any opinions expressed in this e-mail are entirely those of
> the author and unless specifically stated to the contrary, are not
> necessarily those of the author's employer.
> Security Warning : Internet e-mail is not necessarily a secure
> communications medium and can be subject to data corruption. We advise
> that you consider this fact when e-mailing us.
> Viruses : We have taken steps to ensure that this e-mail and any
> attachments are free from known viruses but in keeping with good
> computing practice, you should ensure that they are virus free.
>
> Red Lion 49 Ltd T/A Solid State Logic
> Registered as a limited company in England and Wales
> (Company No:5362730)
> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
> United Kingdom
> **********************************************************************
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> --
> Scanned by MailScanner.
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!




**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom
**********************************************************************

More information about the MailScanner mailing list