Fetchmail and MailScanner

Julian Field MailScanner at ecs.soton.ac.uk
Wed Aug 20 16:29:21 IST 2008



Glenn Steen wrote:
> 2008/8/20 Julian Field <MailScanner at ecs.soton.ac.uk>:
>   
>> Alex Broens wrote:
>>     
>>> On 8/20/2008 11:46 AM, Alex Broens wrote:
>>>       
>>>> On 8/20/2008 11:22 AM, Ismail OZATAY wrote:
>>>>         
>>>>> Hi Edward,
>>>>>
>>>>> I always read every incoming mail carefully. Also I know that Fabio
>>>>> Silva's problem is still going on because using smtphost setting will
>>>>> never fix that problem. Fetchmail is routing all emails to smtp so
>>>>> source seems interface's ip which is set before by smtphost.
>>>>>
>>>>> Here is my .fetchmailrc file;
>>>>>
>>>>> set daemon 20
>>>>> set syslog
>>>>> set postmaster root
>>>>> set invisible
>>>>> poll mail.test.net with proto POP3 and options no dns
>>>>>        user 'test' with pass "123456"  is 'realuser at internal.net'
>>>>>        keep
>>>>>        norewrite
>>>>>        smtphost 192.168.100.3
>>>>>
>>>>> Here is my incoming mail header;
>>>>>
>>>>> Received: from mail.test.net (mail.internal.net [192.168.100.3])
>>>>>    by mail.ismail.net (Postfix) with ESMTP id 99A49E8288
>>>>>    for <realuser at internal.net>; Wed, 20 Aug 2008 09:55:27 +0300 (EEST)
>>>>>
>>>>> As you see coming source is 192.168.100.3 so mailscanner thinks that it
>>>>> is localhost. My question was how can I leave message source untouched?
>>>>>
>>>>> Thanks Edward  :)
>>>>>
>>>>> Regards,
>>>>>
>>>>> ismail
>>>>>
>>>>>
>>>>> ----- Original Message ----- From: "Edward Dekkers" <edward at tdcs.com.au>
>>>>> To: "'MailScanner discussion'" <mailscanner at lists.mailscanner.info>
>>>>> Sent: Wednesday, August 20, 2008 10:58 AM
>>>>> Subject: RE: Fetchmail and MailScanner
>>>>>
>>>>>
>>>>>           
>>>>>> Hi all,
>>>>>>
>>>>>> I am using fetchmail as a pop connector. It downloads a lot of pop3
>>>>>> inbox from some isps and it works properly. Today I installed postfix
>>>>>> and mailscanner for filtering virus and spam mails on the same server
>>>>>> but there is something wrong with mail headers. Because mail header
>>>>>> says that mail coming from localhost 127.0.0.1 which is already
>>>>>> whitelisted. So every incoming mail is tagged as clean. How can I fix
>>>>>> this problem? Can I send incoming mails to smtp with the original
>>>>>> header?
>>>>>>             
>>>> doesn't the fetchmail "silent" switch do that for you?
>>>>         
>>> Sorry.. meant "invisible"
>>>
>>> The --invisible option (keyword: set invisible) tries to make fetchmail
>>> invisible. Normally, fetchmail behaves like any other MTA would -- it
>>> generates a Received header into each message describing its place in the
>>> chain of transmission, and tells the MTA it forwards to that the mail came
>>> from the machine fetchmail itself is running on. If the invisible option is
>>> on, the Received header is suppressed and fetchmail tries to spoof the MTA
>>> it forwards to into thinking it came directly from the mailserver host.
>>>       
>> But that still won't fool MailScanner. MailScanner uses the SMTP client
>> address written into the email's envelope. The MTA takes this from the IP
>> address of the machine talking to it in the SMTP session during which it
>> received the message.
>>
>> So no matter what options you set on fetchmail, that can only ever be the IP
>> address of the system itself, or localhost. So I fail to see how playing
>> with fetchmail configurations can possibly make any difference to this.
>>
>> The only thing that would make a difference is for me to start parsing the
>> first Received: header and pulling the IP addresses out of that. Which I
>> currently only do when
>> 1) you are using Postfix
>> and
>> 2) the Postfix envelope contains no IP address at all.
>> I would have to generalise this code for all the MTAs I support.
>>
>> You would probably still have to tell fetchmail to not add its Received:
>> header even so.
>>
>> Jules
>>     
> Much simpler to just avoid MailScanner, while releasing from
> quarantine (and thus not needing the WL of 127.0.0.1)... As per my
> previous advice...
>
> Cheers
>   
Okay, the new beta is out.

The only thing I can think you might need now is to be able to give a 
list of IP addresses to ignore when looking for the "real" IP address in 
the headers. I'll add that if anyone thinks they need it. Shouldn't be 
too hard to add. Just need to convert a list of IP addresses (v4 and/or 
v6) into a regexp and check for that when matching the IP addresses 
found in the Received: headers. Lots of escaping, but nothing too tricky :-)

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
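
The ignore-list idea from the message above, sketched in Python as an added example; it is not MailScanner's code and not from the author. The function names and the second Received: line of the sample are constructed, and addresses are canonicalised with `ipaddress` before being escaped into the regexp so that different spellings of one IPv6 address compare equal.

```python
import ipaddress
import re
from email.parser import HeaderParser

# Client addresses sit in brackets: "[192.168.100.3]" or "[IPv6:2001:db8::25]".
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

# Constructed sample: the first header is the one quoted in the thread,
# the second (upstream hop) is invented for illustration.
SAMPLE = (
    "Received: from mail.test.net (mail.internal.net [192.168.100.3])\n"
    "\tby mail.ismail.net (Postfix) with ESMTP id 99A49E8288\n"
    "\tfor <realuser@internal.net>; Wed, 20 Aug 2008 09:55:27 +0300 (EEST)\n"
    "Received: from relay.example (relay.example [IPv6:2001:DB8:0:0:0:0:0:25])\n"
    "\tby mail.test.net with ESMTP; Wed, 20 Aug 2008 09:55:01 +0300\n"
    "Subject: constructed sample\n"
    "\n"
)


def build_ignore_regex(addresses):
    """Convert a list of IPv4/IPv6 addresses into one escaped regexp."""
    # ip_address() rejects typos in the list and gives one canonical spelling.
    parts = [re.escape(str(ipaddress.ip_address(a))) for a in addresses]
    return re.compile("(?:" + "|".join(parts) + ")")


def received_ips(raw_headers):
    """Yield canonical IPs from the Received: headers, newest hop first."""
    msg = HeaderParser().parsestr(raw_headers)
    for value in msg.get_all("Received", []):
        for token in BRACKETED.findall(value):
            try:
                yield str(ipaddress.ip_address(token))
            except ValueError:
                continue  # bracketed text that is not an address


def real_client_ip(raw_headers, ignore):
    """Return the first Received: address not on the ignore list, or None."""
    pattern = build_ignore_regex(ignore)
    for ip in received_ips(raw_headers):
        if not pattern.fullmatch(ip):
            return ip
    return None
```

Received: lines below the hops you operate are supplied by the sender, so the ignore list should contain only your own relays.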

