quarantine release might lose mail?

Steve Freegard steve.freegard at fsl.com
Thu Dec 17 18:13:58 GMT 2009

On 17/12/09 16:17, Frank Cusack wrote:
> On December 17, 2009 3:04:59 PM +0000 Steve Freegard
> <steve.freegard at fsl.com> wrote:
>> Huh? Don't see what this has to do with anything if you use MailScanner
>> properly.
>> It's a *gateway* and should be running as the inbound MX for your domain
>> and 'Read IP Address from Received Header' should be left well alone.
>> MailScanner will read the client IP address from the queue file.
> It is not a gateway. It does not even implement an SMTP client much
> less a server. It is a filter.

I disagree - if deployed as documented e.g. MTA in -> MailScanner -> MTA 
out - then the sum of the parts can be called a gateway.

>> That how all of us use it....
> Apparently not as some solutions using it as other than a gateway are
> documented. One may not have the network configuration to support
> using it as a gateway. Just for example, if you have a backup MX
> server, perhaps you cannot run MailScanner on that server. In which
> case you MUST have a hop before your MS server so that when mail is
> forwarded from the backup to the MS server, the source IP is properly
> interpreted.
> Or are you saying that everyone using MS "properly" must have enough
> resources to have a backup MX server on another network and under
> their direct control.

A very 1990s-style set-up.  Backup MXes that are not within your control 
are spam magnets and should be avoided at all costs.  They will cause 
backscatter unless a lot of care is taken in their configuration.

They need to be configured with as strict rules as the primary systems 
and implement things like recipient verification.

>> I'm going to guess that you're trying to use a single MailScanner systems
>> for inbound and outbound scanning and that you want to apply rules to
>> your MUA clients separately using the IP address supplied in the Received
>> headers by your mail server which is using the MailScanner gateway as a
>> smart host.... if so - run a separate outbound gateway and configure
>> 'Read IP Address from Received Header' accordingly.
> That is correct, however just as I am unable to run MS on my MX host
> I am unable to run MS on my SMTP host (the host which receives mail from
> users).

Hmmm ... configuration like that leaves you with seriously limited 
options.   No wonder you were asking about the 'bounce' action...

>> If you need anything more complex - then write a CustomFunction on 'Read
>> IP Address from Received Header' and parse the received headers yourself
>> and return the correct number back using that.
> It was much less complex (trivial as I noted) to properly release a
> queue file from the quarantine.



More information about the MailScanner mailing list