{Disarmed} Watermarking not working

Martin.Hepworth martinh at solidstatelogic.com
Fri Oct 31 09:48:13 GMT 2008


there was a fix for watermarking in 4.71.6, but as Julian's about to pop out a new stable in the 48 hours mught be worth hanging on for that,.

also I don't see the watermark in the header that messagelabs rejected. looks like they are bouncing not rejecting..

Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of BlaaT 0001
Sent: 31 October 2008 09:39
To: MailScanner discussion
Subject: {Disarmed} Watermarking not working

Hello all,

I'm still having problems using watermarking. My MailScanner settings related to watermarking are:

Use Watermarking = yes
Add Watermark = %rules-dir%/add.watermark.rules
Check Watermarks With No Sender = %rules-dir%/check.watermarks.with.no.sender.rules
Treat Invalid Watermarks With No Sender as Spam = 20
Check Watermarks To Skip Spam Checks = no
Watermark Secret = ***************
Watermark Lifetime = 604800
Watermark Header = X-%org-name%-WM:

We add a watermark on outgoing mail, and we check incoming mail on watermarks (using the rulesets).

Every "no sender" mail gets marked by the watermarking feature, from the logfile:

Oct 31 08:39:31 mailscan02 MailScanner[26686]: Message 720DF48F44B.05390 had bad watermark, added 20 to spam score
Oct 31 08:39:31 mailscan02 MailScanner[26686]: Message 720DF48F44B.05390 from  <> MailScanner warning: numerical links are often malicious: () to ourdomain.tld is spam (no watermark or sender address), SpamAssassin (score=0, vereist 20, autolearn=disabled)

This was a legit bounce mail, a response to a mail send from our MailScanner machine with a watermark attached.

This is the full message:


Received: from mail91.messagelabs.com (mail91.messagelabs.com [ <> MailScanner warning: numerical links are often malicious:])
        by mailscan02.ourdomain.tld (Postfix) with ESMTP id 720DF48F44B
        for <ra.user at ourdomain.tld>; Fri, 31 Oct 2008 08:39:26 +0100 (CET)
X-VirusChecked: Checked
X-Msg-Ref: server-7.tower-91.messagelabs.com!1225438765!40564331!1
X-StarScan-Version:; banners=-,-,-
X-Originating-IP: [ <> MailScanner warning: numerical links are often malicious:]
X-SpamReason: No, hits=0.0 required=7.0 tests=
Received: (qmail 30403 invoked from network); 31 Oct 2008 07:39:25 -0000
Received: from net3-nl-smtp-01.vevida.net (HELO net3-nl-smtp-01.vevida.net) ( <> MailScanner warning: numerical links are often malicious:
  by server-7.tower-91.messagelabs.com with AES256-SHA encrypted SMTP; 31 Oct 2008 07:39:25 -0000
Received: from net3-nl-mail-02.vevida.net (net3-nl-mail-02.vevida.net [ <> MailScanner warning: numerical links are often malicious:])
        by net3-nl-smtp-01.vevida.net (Postfix) with ESMTP id 3976B2EC542
        for <ra.user at ourdomain.tld>; Fri, 31 Oct 2008 08:39:25 +0100 (CET)
Received: by net3-nl-mail-02.vevida.net (Postfix, from userid 8)
        id 3793E35002B; Fri, 31 Oct 2008 08:39:25 +0100 (CET)
Message-ID: <dovecot-1225438765-217569-0 at net3-nl-mail-02.vevida.net>
Date: Fri, 31 Oct 2008 08:39:25 +0100
From: Mail Delivery Subsystem <postmaster at vevida.net>
To: <ra.user at ourdomain.tld>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=disposition-notification;
Subject: Automatically rejected mail
Auto-Submitted: auto-replied (rejected)
Precedence: bulk

This is a MIME-encapsulated message

Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Your message to <newz at raar-nieuws.nl> was automatically rejected:
Quota exceeded
Content-Type: message/disposition-notification

Reporting-UA: net3-nl-mail-02.vevida.net; Dovecot Mail Delivery Agent
Final-Recipient: rfc822; newz at raar-nieuws.nl
Original-Message-ID: <F5C8BFB7A516F643817E53C49577255F01164454 at EXCHANGE3.internal.domain>
Disposition: automatic-action/MDN-sent-automatically; deleted

Content-Type: message/rfc822

Return-Path: <ra.user at ourdomain.tld>
Delivered-To: newz at raar-nieuws.nl
Received: from net3-nl-mx-03.vevida.net (net3-nl-mx-03.vevida.net [ <> MailScanner warning: numerical links are often malicious:])
        by net3-nl-mail-02.vevida.net (Postfix) with ESMTP id 332F8350029
        for <newz at raar-nieuws.nl>; Fri, 31 Oct 2008 08:39:25 +0100 (CET)
X-Virus-Scanned: amavisd-new at vevida.net
X-Spam-Status: No, score=0.202 required=5 tests=[ANY_BOUNCE_MESSAGE=0.1,
Received: from mail.ourdomain.tld (mail.ourdomain.tld [our.ip.add.ress])
        by net3-nl-mx-03.vevida.net (Postfix) with ESMTP id 38DB8976BC
        for <newz at raar-nieuws.nl>; Fri, 31 Oct 2008 08:39:24 +0100 (CET)
Received: from sgmg.ourdomain.tld (sgmg.ourdomain.tld [ <> MailScanner warning: numerical links are often malicious:])
        by mailscan02.ourdomain.tld (Postfix) with ESMTP id B76B148F448
Received: (from smtpd at by sgmg.prdf.nl (8.13.8/8.13.8)
        id m9V7dJj1022834 for <newz at raar-nieuws.nl>; Fri, 31 Oct 2008 08:39:19 +0100
Received: from unknown [ <> MailScanner warning: numerical links are often malicious:] by gateway id /processing/kwlCeRw3; Fri Oct 31 08:39:19 2008
MIME-Version: 1.0
X-MimeOLE: Produced By Microsoft Exchange V6.5
Subject: Out of Office AutoReply: RaaR - muziek op zondag -  Jazz au Foyer
Date: Fri, 31 Oct 2008 08:39:18 +0100
Message-ID: <F5C8BFB7A516F643817E53C49577255F01164454 at EXCHANGE3.internal.domain>
Thread-Topic: RaaR - muziek op zondag -  Jazz au Foyer
Thread-Index: Ack7K8SpBsNSNiAkRmq5jBTFlWpQiwAAAOPO
From: "User, R" <ra.user at ourdomain.tld>
To: "RaaR eten & drinken" <newz at raar-nieuws.nl>
Content-class: urn:content-classes:message
X-ORG-WM: 1226043563.0392 at OUzi9liSBFaJtjtI7nMePQ
X-ORG: Clean

We're using a third party to scan our email and forward it to us. We use MailScanner to filter out marked messages (spam header), we don't do much spam-scanning ourselves, just the default SpamAssassin ruleset without any dns checks. All our outgoing mail is relayed through the MailScanner machine and then delivered directly to the receiver's mailserver.

We're using Postfix 2.5.1 as a MTA on an OpenBSD 4.3 machine.

-bash-3.2# /opt/MailScanner/bin/MailScanner -v
Running on
OpenBSD mailscan02.ourdomain.tld 4.3 GENERIC#698 i386
This is Perl version 5.008008 (5.8.8)

This is MailScanner version 4.70.7
Module versions are:
1.00    AnyDBM_File
1.23    Archive::Zip
0.21    bignum
1.04    Carp
2.008   Compress::Zlib
1.119   Convert::BinHex
0.17    Convert::TNEF
2.121_08        Data::Dumper
2.27    Date::Parse
1.00    DirHandle
1.05    Fcntl
2.74    File::Basename
2.09    File::Copy
2.01    FileHandle
1.08    File::Path
0.19    File::Temp
0.90    Filesys::Df
1.35    HTML::Entities
3.56    HTML::Parser
2.37    HTML::TokeParser
1.23    IO
1.14    IO::File
1.13    IO::Pipe
2.02    Mail::Header
1.86    Math::BigInt
0.19    Math::BigRat
3.07    MIME::Base64
5.425   MIME::Decoder
5.425   MIME::Decoder::UU
5.425   MIME::Head
5.425   MIME::Parser
3.07    MIME::QuotedPrint
5.425   MIME::Tools
0.11    Net::CIDR
1.25    Net::IP
0.16    OLE::Storage_Lite
1.04    Pod::Escapes
3.05    Pod::Simple
1.09    POSIX
1.19    Scalar::Util
1.78    Socket
2.16    Storable
1.4     Sys::Hostname::Long
0.18    Sys::Syslog
1.26    Test::Pod
0.7     Test::Simple
1.9707  Time::HiRes
1.02    Time::localtime

Optional module versions are:
1.36    Archive::Tar
0.21    bignum
missing Business::ISBN
missing Business::ISBN::Data
missing Data::Dump
1.814   DB_File
1.14    DBD::SQLite
1.59    DBI
1.14    Digest
1.01    Digest::HMAC
2.36    Digest::MD5
2.11    Digest::SHA1
missing Encode::Detect
missing Error
missing ExtUtils::CBuilder
missing ExtUtils::ParseXS
2.36    Getopt::Long
missing Inline
1.08    IO::String
1.08    IO::Zlib
missing IP::Country
missing Mail::ClamAV
3.002004        Mail::SpamAssassin
missing Mail::SPF
1.999001        Mail::SPF::Query
missing Module::Build
0.20    Net::CIDR::Lite
0.63    Net::DNS
missing Net::DNS::Resolver::Programmable
missing Net::LDAP
missing NetAddr::IP
missing Parse::RecDescent
missing SAVI
2.64    Test::Harness
missing Test::Manifest
1.95    Text::Balanced
1.35    URI
missing version
missing YAML

What could be causing this? Why isn't watermarking working properly?
Any help is much appreciated!


Confidentiality : This e-mail and any attachments are intended for the 
addressee only and may be confidential. If they come to you in error 
you must take no action based on them, nor must you copy or show them 
to anyone. Please advise the sender by replying to this e-mail 
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of 
the author and unless specifically stated to the contrary, are not 
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure 
communications medium and can be subject to data corruption. We advise 
that you consider this fact when e-mailing us. 
Viruses : We have taken steps to ensure that this e-mail and any 
attachments are free from known viruses but in keeping with good 
computing practice, you should ensure that they are virus free.

Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales 
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
United Kingdom

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20081031/8718bce9/attachment.html

More information about the MailScanner mailing list