Fetchmail and MailScanner
MailScanner at ecs.soton.ac.uk
Wed Aug 20 15:19:30 IST 2008
Alex Broens wrote:
> On 8/20/2008 11:46 AM, Alex Broens wrote:
>> On 8/20/2008 11:22 AM, Ismail OZATAY wrote:
>>> Hi Edward ,
>>> I always read every incoming mail carefully. Also i know that Fabio
>>> Silva 's
>>> problem is still going on because using smtphost setting will never
>>> fix that
>>> problem. Fetchmail is routing all emails to smtp so source seems
>>> ip which is set before by smtphost.
>>> Here is my .fetchmailrc file;
>>> set daemon 20
>>> set syslog
>>> set postmaster root
>>> set invisible
>>> poll mail.test.net with proto POP3 and options no dns
>>> user 'test' with pass "123456" is 'realuser at internal.net'
>>> smtphost 192.168.100.3
>>> Here is my incmoing mail header ;
>>> Received: from mail.test.net (mail.internal.net [192.168.100.3])
>>> by mail.ismail.net (Postfix) with ESMTP id 99A49E8288
>>> for <realuser at internal.net>; Wed, 20 Aug 2008 09:55:27 +0300 (EEST)
>>> As you see coming source is 192.168.100.3 so mailscanner thinks that
>>> it is
>>> localhost. My question was how can i leave message source untouched ?
>>> Thanks Edward :)
>>> ----- Original Message ----- From: "Edward Dekkers"
>>> <edward at tdcs.com.au>
>>> To: "'MailScanner discussion'" <mailscanner at lists.mailscanner.info>
>>> Sent: Wednesday, August 20, 2008 10:58 AM
>>> Subject: RE: Fetchmail and MailScanner
>>>> Hi all,
>>>> I am using fetchmail as a pop connector. It downloads a lot of pop3
>>>> from some isps and it works properly. Today i installed postfix and
>>>> mailscanner for filtering virus and spam mails on the same server but
>>>> is something wrong with mail headers. Because mail header says that
>>>> coming from localhost 127.0.0.1 which is already whitelisted. So every
>>>> incoming mail is tagged as clean. How can i fix this problem ? Can i
>>>> incoming mails to smtp with the original header?
>> doesn't the fetchmail "silent" switch do that for you?
> Sorry.. meant "invisible"
> The --invisible option (keyword: set invisible) tries to make
> fetchmail invisible. Normally, fetchmail behaves like any other MTA
> would -- it generates a Received header into each message describing
> its place in the chain of transmission, and tells the MTA it forwards
> to that the mail came from the machine fetchmail itself is running on.
> If the invisible option is on, the Received header is suppressed and
> fetchmail tries to spoof the MTA it forwards to into thinking it came
> directly from the mailserver host.
But that still won't fool MailScanner. MailScanner uses the SMTP client
address written into the email's envelope. The MTA takes this from the
IP address of the machine talking to it in the SMTP session during which
it received the message.
So no matter what options you set on fetchmail, that can only ever be
the IP address of the system itself, or localhost. So I fail to see how
playing with fetchmail configurations can possibly make any difference
The only thing that would make a difference is for me to start parsing
the first Received: header and pulling the IP addresses out of that.
Which I currently only do when
1) you are using Postfix
2) the Postfix envelope contains no IP address at all.
I would have to generalise this code for all the MTAs I support.
You would probably still have to tell fetchmail to not add its Received:
header even so.
Julian Field MEng CITP CEng
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner