Fetchmail and MailScanner

Wed Aug 20 16:22:14 IST 2008

Glenn Steen wrote:
> 2008/8/20 Julian Field <MailScanner at ecs.soton.ac.uk>:
>   
>> Alex Broens wrote:
>>     
>>> On 8/20/2008 11:46 AM, Alex Broens wrote:
>>>       
>>>> On 8/20/2008 11:22 AM, Ismail OZATAY wrote:
>>>>         
>>>>> Hi Edward ,
>>>>>
>>>>> I always read every incoming mail carefully. Also i know that Fabio
>>>>> Silva 's
>>>>> problem is still going on because using smtphost setting will never fix
>>>>> that
>>>>> problem. Fetchmail is routing all emails to smtp so source seems
>>>>> interface's
>>>>> ip which is set before by smtphost.
>>>>>
>>>>> Here is my .fetchmailrc file;
>>>>>
>>>>> set daemon 20
>>>>> set syslog
>>>>> set postmaster root
>>>>> set invisible
>>>>> poll mail.test.net with proto POP3 and options no dns
>>>>>        user 'test' with pass "123456"  is 'realuser at internal.net'
>>>>>        keep
>>>>>        norewrite
>>>>>        smtphost 192.168.100.3
>>>>>
>>>>> Here is my incmoing mail header ;
>>>>>
>>>>> Received: from mail.test.net (mail.internal.net [192.168.100.3])
>>>>>    by mail.ismail.net (Postfix) with ESMTP id 99A49E8288
>>>>>    for <realuser at internal.net>; Wed, 20 Aug 2008 09:55:27 +0300 (EEST)
>>>>>
>>>>> As you see coming source is 192.168.100.3 so mailscanner thinks that it
>>>>> is
>>>>> localhost. My question was how can i leave message source untouched ?
>>>>>
>>>>> Thanks Edward  :)
>>>>>
>>>>> Regards,
>>>>>
>>>>> ismail
>>>>>
>>>>>
>>>>> ----- Original Message ----- From: "Edward Dekkers" <edward at tdcs.com.au>
>>>>> To: "'MailScanner discussion'" <mailscanner at lists.mailscanner.info>
>>>>> Sent: Wednesday, August 20, 2008 10:58 AM
>>>>> Subject: RE: Fetchmail and MailScanner
>>>>>
>>>>>
>>>>>           
>>>>>> Hi all,
>>>>>>
>>>>>> I am using fetchmail as a pop connector. It downloads a lot of pop3
>>>>>> inbox
>>>>>> from some isps and it works properly. Today i installed postfix and
>>>>>> mailscanner for filtering virus and spam mails on the same server but
>>>>>> there
>>>>>> is something wrong with mail headers. Because mail header says that
>>>>>> mail
>>>>>> coming from localhost 127.0.0.1 which is already whitelisted. So every
>>>>>> incoming mail is tagged as clean. How can i fix this problem ? Can i
>>>>>> send
>>>>>> incoming mails to smtp with the original header?
>>>>>>             
>>>> doesn't the fetchmail "silent" switch do that for you?
>>>>         
>>> Sorry.. meant "invisible"
>>>
>>> The --invisible option (keyword: set invisible) tries to make fetchmail
>>> invisible. Normally, fetchmail behaves like any other MTA would -- it
>>> generates a Received header into each message describing its place in the
>>> chain of transmission, and tells the MTA it forwards to that the mail came
>>> from the machine fetchmail itself is running on. If the invisible option is
>>> on, the Received header is suppressed and fetchmail tries to spoof the MTA
>>> it forwards to into thinking it came directly from the mailserver host.
>>>       
>> But that still won't fool MailScanner. MailScanner uses the SMTP client
>> address written into the email's envelope. The MTA takes this from the IP
>> address of the machine talking to it in the SMTP session during which it
>> received the message.
>>
>> So no matter what options you set on fetchmail, that can only ever be the IP
>> address of the system itself, or localhost. So I fail to see how playing
>> with fetchmail configurations can possibly make any difference to this.
>>
>> The only thing that would make a difference is for me to start parsing the
>> first Received: header and pulling the IP addresses out of that. Which I
>> currently only do when
>> 1) you are using Postfix
>> and
>> 2) the Postfix envelope contains no IP address at all.
>> I would have to generalise this code for all the MTAs I support.
>>
>> You would probably still have to tell fetchmail to not add its Received:
>> header even so.
>>
>> Jules
>>     
> Much simpler to just avoid MailScanner, while releasing from
> quarantine (and thus not needing the WL of 127.0.0.1)... As per my
> previous advice...
>   
That doesn't solve the generic problem of wanting to use the IP address 
where the mail came from, not the address of the server which is running 
fetchmail.

So I have added this option, which will be in the next beta release.

# When working out from IP address the message was sent from,
# no  ==> use the SMTP client address, ie. the address of the system talking
#         to the MailScanner server. This is the normal setting.
# yes ==> use the first IP address contained in the first "Received:" header
#         at the top of the email message's headers.
#
# This is very useful when you are injecting mail into a MailScanner server
# using "fetchmail" as otherwise all mail will appear to be coming from the
# the IP address of the system running "fetchmail", and not the address the
# mail actually came from.
# You need to use this together with the "silent" option in "fetchmail", so
# that "fetchmail" does not add its own "Received:" header to the start of
# the message.
#
# This value *cannot* be the filename of a ruleset.
Read IP Address From Received Header = no

Hopefully that will help people out. It only addresses the problem where 
fetchmail is running on the localhost, I suspect, but I am sure you will 
let me know the limitations of this addition.

I'll put out a new beta right now with this in it.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.