Fetchmail and MailScanner

[Julian Field]

Alex Broens wrote:
> On 8/20/2008 11:46 AM, Alex Broens wrote:
>> On 8/20/2008 11:22 AM, Ismail OZATAY wrote:
>>> Hi Edward ,
>>>
>>> I always read every incoming mail carefully. Also i know that Fabio 
>>> Silva 's
>>> problem is still going on because using smtphost setting will never 
>>> fix that
>>> problem. Fetchmail is routing all emails to smtp so source seems 
>>> interface's
>>> ip which is set before by smtphost.
>>>
>>> Here is my .fetchmailrc file;
>>>
>>> set daemon 20
>>> set syslog
>>> set postmaster root
>>> set invisible
>>> poll mail.test.net with proto POP3 and options no dns
>>>         user 'test' with pass "123456"  is 'realuser at internal.net'
>>>         keep
>>>         norewrite
>>>         smtphost 192.168.100.3
>>>
>>> Here is my incmoing mail header ;
>>>
>>> Received: from mail.test.net (mail.internal.net [192.168.100.3])
>>>     by mail.ismail.net (Postfix) with ESMTP id 99A49E8288
>>>     for <realuser at internal.net>; Wed, 20 Aug 2008 09:55:27 +0300 (EEST)
>>>
>>> As you see coming source is 192.168.100.3 so mailscanner thinks that 
>>> it is
>>> localhost. My question was how can i leave message source untouched ?
>>>
>>> Thanks Edward  :)
>>>
>>> Regards,
>>>
>>> ismail
>>>
>>>
>>> ----- Original Message ----- From: "Edward Dekkers" 
>>> <edward at tdcs.com.au>
>>> To: "'MailScanner discussion'" <mailscanner at lists.mailscanner.info>
>>> Sent: Wednesday, August 20, 2008 10:58 AM
>>> Subject: RE: Fetchmail and MailScanner
>>>
>>>
>>>> Hi all,
>>>>
>>>> I am using fetchmail as a pop connector. It downloads a lot of pop3
>>>> inbox
>>>> from some isps and it works properly. Today i installed postfix and
>>>> mailscanner for filtering virus and spam mails on the same server but
>>>> there
>>>> is something wrong with mail headers. Because mail header says that
>>>> mail
>>>> coming from localhost 127.0.0.1 which is already whitelisted. So every
>>>> incoming mail is tagged as clean. How can i fix this problem ? Can i
>>>> send
>>>> incoming mails to smtp with the original header?
>>
>> doesn't the fetchmail "silent" switch do that for you?
>
> Sorry.. meant "invisible"
>
> The --invisible option (keyword: set invisible) tries to make 
> fetchmail invisible. Normally, fetchmail behaves like any other MTA 
> would -- it generates a Received header into each message describing 
> its place in the chain of transmission, and tells the MTA it forwards 
> to that the mail came from the machine fetchmail itself is running on. 
> If the invisible option is on, the Received header is suppressed and 
> fetchmail tries to spoof the MTA it forwards to into thinking it came 
> directly from the mailserver host.
But that still won't fool MailScanner. MailScanner uses the SMTP client 
address written into the email's envelope. The MTA takes this from the 
IP address of the machine talking to it in the SMTP session during which 
it received the message.

So no matter what options you set on fetchmail, that can only ever be 
the IP address of the system itself, or localhost. So I fail to see how 
playing with fetchmail configurations can possibly make any difference 
to this.

The only thing that would make a difference is for me to start parsing 
the first Received: header and pulling the IP addresses out of that. 
Which I currently only do when
1) you are using Postfix
and
2) the Postfix envelope contains no IP address at all.
I would have to generalise this code for all the MTAs I support.

You would probably still have to tell fetchmail to not add its Received: 
header even so.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.