(2nd Request) Disable scanning for a client that connects via SMTP-AUTH

Scott Silva ssilva at sgvwater.com
Wed May 27 20:55:18 IST 2009 

on 5-22-2009 5:47 PM Gary Faith spake the following:
> I am trying to get around the problem of whitelisting my entire domain
> which is what I did earlier by allowing any message FROM my domain name
> without scanning.  As I said earlier, this caused problems because
> people were using my server to send spam using my domain.  I only want
> it to not scan e-mail when it is from the server that authenticates. 
>  
> The server that I am talking about is a mail server, which used to have
> a static IP, I use for another unrelated business and my personal
> e-mail.  Due to circumstances, I had to move the server to dynamic DSL
> (YUCK!) and now I need to relay the mail through the mail scanner
> because outbound mail would be blocked by RBL's  and I have no option to
> add another mail scanner server at this time.  There are other
> people that I need to have admin access to mailwatch & mailscanner
> giving them the ability to add users, change configuration, read &
> release messages, etc.  I do not want others to be able to read my other
> business & personal e-mails, etc.  So you see that is why I don't want
> all mail scanned. 
>  
> I need a solutions and I thought someone on this list would have a
> brilliant idea on how to do this.  It can't be that hard, can it?
> 
>>>> Eli Wapniarski <eli at orbsky.homelinux.org> 5/21/2009 12:54 AM >>>
> Gary... With all due respect. Assuming that the mail coming from your
> servers is not affected by something bad is a mistake. Not to mention,
> spam that uses your domain as email addresses in the to / from to get
> around just the kind of scenario is also makes your strategy a mistake.
> 
> What harm besides having your server do some work would be caused by
> having all the mail scanned?
> 
> On Thursday 21 May 2009 04:50:33 Gary Faith wrote:
>> I am running MailScanner 4.75 on x86_64 and Sendmail 8.13.  I have a
> situation where I am relaying e-mail for a trusted mail server with a
> dynamic IP who connects to my mail scanner via SMTP Auth.  I don't have
> a need for scanning the outbound e-mail from this server but I do need
> to have the inbound mail scanned.  So I figured I would add the domain
> to scan.messages.rules. 
>> 
>> From:    domain.com   no
>> 
>> This had the effect of stopping scanning of the mail which was
> desired  but now spam is coming in with the From addresss the same as
> the To address like: xyz at domain.com to xyz at domain.com.  These messages
> are not being scanned and getting passed through due to the rule above. 
> Obviously, I didn't think this through correctly and I need a better
> solution.
>> 
>> What is required:
>> 1.  Outbound mail from the server with a dynamic IP which
> authenticates to the mail scanner via SMTP Auth = Not Scanned.  I
> wouldn't care if it just goes from sendmail-in to sendmail-out and not
> even go through mailscanner but I don't know if that is possible.
>> 2.  All other mail scanned (like normal).
>> 
>> I know I can't base a rule on the IP address since it is dynamic but I
> am unsure of any other way to accomplish this.  Any thoughts on how I
> can accomplish this?
>> 
>> Thanks,
>>
>> Gary Faith
>>
Can you set your system to send to your scanner on another port? You could set
another daemon to listen on that port and then dump the mail on without
scanning it.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/193e576b/signature-0001.bin

More information about the MailScanner mailing list