selecting message that should go into MailScanner

Martin Hepworth maxsec at
Thu Feb 12 15:08:11 GMT 2009

2009/2/12 Martin Hepworth <maxsec at>:
> 2009/2/12 Alessandro Dentella <sandro at>:
>> On Thu, Feb 12, 2009 at 01:26:41PM +0100, Glenn Steen wrote:
>>> 2009/2/12 Kai Schaetzl <maillists at>:
>>> > I think you should direct your question to a postfix list if you want to
>>> > do this in postfix. If you want to exempt mail in MS from scanning you want
>>> > to use
>>> > Scan Messages = %rules-dir%/scan.messages.rules
>>> >
>>> > Kai
>>> Actually.... Since Hugo van der Koij has made a very successful
>>> "selective postfix" setup, and posted it here... this list isn't a bad
>>> choice:-). At least not when it comes to finding that solution.
>>> Basically one would replace the header checks with a rather specific
>>> access map instead... Let's see if I can find the reference...
>>> Here you go
>>> (and yes, this was addressed both to Alessandro and you Kai:-):-)
>>> Cheers
>> ehm... sure, that's the link I reported in my original mail that I tried to
>> implement. I tried to follow it but I can't really get it working. I don't
>> think that's the fault of the recipe but I must be doing something silly so that
>> no message gets into the rule even if I use:
>>  /.*/                                    HOLD
>>  /^$/                                    HOLD
>> I admit this is almost a postfix question but I thought this is interesting
>> for this list and probably there is real knowledge on this subject here.
>> Personally I don't like the idea of letting it into MailScanner. There's no
>> point in Scanning 50.000 email in a newsletter not even just for
>> phishing/virus: they're all the same!!!
> depends on the risk you define if the 50,000 emails all have same
> malware/phishing/... issue!

Actually - let me put that..

suppose scammer/spammer uses the 'from' as that of the
newsletter....all of a sudden you're letting everything bad through, with
no checks whatsoever.

Now I've mentioned it I'm surprised that malware people don't use it
in order to circumvent mail filters in that way that
from:me at to: me at domain spam tries to do.

i.e. if many people are whitelisting a 'from: *'
there's an easy vector around mail scanners.

This is the reason why I suggested you just skip the MailScanner spam
tests and not all others.

Martin Hepworth
Oxford, UK
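
Added example, not part of the original post: a small Python model of the two policies discussed in this thread, showing why exempting a whitelisted From address from all scanning delivers a forged message unscanned, while skipping only the spam tests still blocks it. The addresses, sample messages, policy names and the attachment-name check (a stand-in for a real virus scanner) are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the newsletter sender address that was whitelisted (constructed).
WHITELISTED_FROM = {"news@newsletter.example"}
RISKY_EXT = (".exe", ".scr", ".js")  # stand-in for a real virus scanner

# Constructed sample messages. The second one forges the newsletter's From.
GENUINE = """From: News <news@newsletter.example>
To: user@domain.example
Subject: February issue
Content-Type: text/plain

Hello subscribers.
"""
SPOOFED = """From: News <news@newsletter.example>
To: user@domain.example
Subject: Invoice
Content-Type: multipart/mixed; boundary="b"

--b
Content-Type: text/plain

See attachment.
--b
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.exe"

MZ
--b--
"""

def content_check(msg):
    """Toy content scan: flag risky attachment names in any MIME part."""
    return any((p.get_filename() or "").lower().endswith(RISKY_EXT) for p in msg.walk())

def deliver(raw, policy):
    """'exempt_all': a whitelisted From skips every check.
    'skip_spam_only': a whitelisted From skips spam tests; content is still scanned."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    whitelisted = sender in WHITELISTED_FROM
    if whitelisted and policy == "exempt_all":
        return "delivered-unscanned"
    if content_check(msg):
        return "blocked"
    # Spam tests would run here, for non-whitelisted senders only.
    return "delivered" if whitelisted else "delivered-after-spam-tests"
```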
