Fetchmail and MailScanner
Ismail OZATAY
ismail at ismailozatay.net
Thu Aug 21 08:18:59 IST 2008
Hi Julian ,
And also i found something about white/blacklist.If we use this option for
white/black list too it will be better. Because source ip is different
again.
Thanks
ismail
----- Original Message -----
From: "Julian Field" <MailScanner at ecs.soton.ac.uk>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Wednesday, August 20, 2008 6:29 PM
Subject: Re: Fetchmail and MailScanner
>
>
> Glenn Steen wrote:
>> 2008/8/20 Julian Field <MailScanner at ecs.soton.ac.uk>:
>>
>>> Alex Broens wrote:
>>>
>>>> On 8/20/2008 11:46 AM, Alex Broens wrote:
>>>>
>>>>> On 8/20/2008 11:22 AM, Ismail OZATAY wrote:
>>>>>
>>>>>> Hi Edward ,
>>>>>>
>>>>>> I always read every incoming mail carefully. Also i know that Fabio
>>>>>> Silva 's
>>>>>> problem is still going on because using smtphost setting will never
>>>>>> fix
>>>>>> that
>>>>>> problem. Fetchmail is routing all emails to smtp so source seems
>>>>>> interface's
>>>>>> ip which is set before by smtphost.
>>>>>>
>>>>>> Here is my .fetchmailrc file;
>>>>>>
>>>>>> set daemon 20
>>>>>> set syslog
>>>>>> set postmaster root
>>>>>> set invisible
>>>>>> poll mail.test.net with proto POP3 and options no dns
>>>>>> user 'test' with pass "123456" is 'realuser at internal.net'
>>>>>> keep
>>>>>> norewrite
>>>>>> smtphost 192.168.100.3
>>>>>>
>>>>>> Here is my incmoing mail header ;
>>>>>>
>>>>>> Received: from mail.test.net (mail.internal.net [192.168.100.3])
>>>>>> by mail.ismail.net (Postfix) with ESMTP id 99A49E8288
>>>>>> for <realuser at internal.net>; Wed, 20 Aug 2008 09:55:27 +0300
>>>>>> (EEST)
>>>>>>
>>>>>> As you see coming source is 192.168.100.3 so mailscanner thinks that
>>>>>> it
>>>>>> is
>>>>>> localhost. My question was how can i leave message source untouched ?
>>>>>>
>>>>>> Thanks Edward :)
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> ismail
>>>>>>
>>>>>>
>>>>>> ----- Original Message ----- From: "Edward Dekkers"
>>>>>> <edward at tdcs.com.au>
>>>>>> To: "'MailScanner discussion'" <mailscanner at lists.mailscanner.info>
>>>>>> Sent: Wednesday, August 20, 2008 10:58 AM
>>>>>> Subject: RE: Fetchmail and MailScanner
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> I am using fetchmail as a pop connector. It downloads a lot of pop3
>>>>>>> inbox
>>>>>>> from some isps and it works properly. Today i installed postfix and
>>>>>>> mailscanner for filtering virus and spam mails on the same server
>>>>>>> but
>>>>>>> there
>>>>>>> is something wrong with mail headers. Because mail header says that
>>>>>>> mail
>>>>>>> coming from localhost 127.0.0.1 which is already whitelisted. So
>>>>>>> every
>>>>>>> incoming mail is tagged as clean. How can i fix this problem ? Can i
>>>>>>> send
>>>>>>> incoming mails to smtp with the original header?
>>>>>>>
>>>>> doesn't the fetchmail "silent" switch do that for you?
>>>>>
>>>> Sorry.. meant "invisible"
>>>>
>>>> The --invisible option (keyword: set invisible) tries to make fetchmail
>>>> invisible. Normally, fetchmail behaves like any other MTA would -- it
>>>> generates a Received header into each message describing its place in
>>>> the
>>>> chain of transmission, and tells the MTA it forwards to that the mail
>>>> came
>>>> from the machine fetchmail itself is running on. If the invisible
>>>> option is
>>>> on, the Received header is suppressed and fetchmail tries to spoof the
>>>> MTA
>>>> it forwards to into thinking it came directly from the mailserver host.
>>>>
>>> But that still won't fool MailScanner. MailScanner uses the SMTP client
>>> address written into the email's envelope. The MTA takes this from the
>>> IP
>>> address of the machine talking to it in the SMTP session during which it
>>> received the message.
>>>
>>> So no matter what options you set on fetchmail, that can only ever be
>>> the IP
>>> address of the system itself, or localhost. So I fail to see how playing
>>> with fetchmail configurations can possibly make any difference to this.
>>>
>>> The only thing that would make a difference is for me to start parsing
>>> the
>>> first Received: header and pulling the IP addresses out of that. Which I
>>> currently only do when
>>> 1) you are using Postfix
>>> and
>>> 2) the Postfix envelope contains no IP address at all.
>>> I would have to generalise this code for all the MTAs I support.
>>>
>>> You would probably still have to tell fetchmail to not add its Received:
>>> header even so.
>>>
>>> Jules
>>>
>> Much simpler to just avoid MailScanner, while releasing from
>> quarantine (and thus not needing the WL of 127.0.0.1)... As per my
>> previous advice...
>>
>> Cheers
>>
> Okay, the new beta is out.
>
> The only thing I can think you might need now is to be able to give a list
> of IP addresses to ignore when looking for the "real" IP address in the
> headers. I'll add that if anyone thinks they need it. Shouldn't be too
> hard to add. Just need to convert a list of IP addresses (v4 and/or v6)
> into a regexp and check for that when matching the IP addresses found in
> the Received: headers. Lots of escaping, but nothing too tricky :-)
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules at Jules.FM
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> PGP public key: http://www.jules.fm/julesfm.asc
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list