(2nd Request) Disable scanning for a client that connects viaSMTP-AUTH

Alex Neuman alex at rtpty.com
Thu May 28 02:24:45 IST 2009


You can configure an instance of sendmail running on port 587 that will only
accept authenticated traffic, and use its own queue folder
(/var/spool/mqueue.auth for example). That should keep things nice, neat and
separate.

On Wed, May 27, 2009 at 3:13 PM, Gary Faith <gafaith at asdm.net> wrote:

>  I can check to see if I can send to another port.
>
> How do I configure another sendmail daemon to listen on a different port?
> Will this daemon receive and send  or would I specify the "out queue" of the
> Mailscanner sendmail process as it's queue?  Not real sure about this.
>
> Gary
>
> >>> Scott Silva <ssilva at sgvwater.com> 5/27/2009 3:55 PM >>>
>
> on 5-22-2009 5:47 PM Gary Faith spake the following:
> > I am trying to get around the problem of whitelisting my entire domain
> > which is what I did earlier by allowing any message FROM my domain name
> > without scanning.  As I said earlier, this caused problems because
> > people were using my server to send spam using my domain.  I only want
> > it to not scan e-mail when it is from the server that authenticates.
> >
> > The server that I am talking about is a mail server, which used to have
> > a static IP, I use for another unrelated business and my personal
> > e-mail.  Due to circumstances, I had to move the server to dynamic DSL
> > (YUCK!) and now I need to relay the mail through the mail scanner
> > because outbound mail would be blocked by RBL's  and I have no option to
> > add another mail scanner server at this time.  There are other
> > people that I need to have admin access to mailwatch & mailscanner
> > giving them the ability to add users, change configuration, read &
> > release messages, etc.  I do not want others to be able to read my other
> > business & personal e-mails, etc.  So you see that is why I don't want
> > all mail scanned.
> >
> > I need a solutions and I thought someone on this list would have a
> > brilliant idea on how to do this.  It can't be that hard, can it?
> >
> >>>> Eli Wapniarski <eli at orbsky.homelinux.org> 5/21/2009 12:54 AM >>>
> > Gary... With all due respect. Assuming that the mail coming from your
> > servers is not affected by something bad is a mistake. Not to mention,
> > spam that uses your domain as email addresses in the to / from to get
> > around just the kind of scenario is also makes your strategy a mistake.
> >
> > What harm besides having your server do some work would be caused by
> > having all the mail scanned?
> >
> > On Thursday 21 May 2009 04:50:33 Gary Faith wrote:
> >> I am running MailScanner 4.75 on x86_64 and Sendmail 8.13.  I have a
> > situation where I am relaying e-mail for a trusted mail server with a
> > dynamic IP who connects to my mail scanner via SMTP Auth.  I don't have
> > a need for scanning the outbound e-mail from this server but I do need
> > to have the inbound mail scanned.  So I figured I would add the domain
> > to scan.messages.rules.
> >>
> >> From:    domain.com   no
> >>
> >> This had the effect of stopping scanning of the mail which was
> > desired  but now spam is coming in with the From addresss the same as
> > the To address like: xyz at domain.com to xyz at domain.com.  These messages
> > are not being scanned and getting passed through due to the rule above.
> > Obviously, I didn't think this through correctly and I need a better
> > solution.
> >>
> >> What is required:
> >> 1.  Outbound mail from the server with a dynamic IP which
> > authenticates to the mail scanner via SMTP Auth = Not Scanned.  I
> > wouldn't care if it just goes from sendmail-in to sendmail-out and not
> > even go through mailscanner but I don't know if that is possible.
> >> 2.  All other mail scanned (like normal).
> >>
> >> I know I can't base a rule on the IP address since it is dynamic but I
> > am unsure of any other way to accomplish this.  Any thoughts on how I
> > can accomplish this?
> >>
> >> Thanks,
> >>
> >> Gary Faith
> >>
> Can you set your system to send to your scanner on another port? You could
> set
> another daemon to listen on that port and then dump the mail on without
> scanning it.
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>


-- 
Alex Neuman van der Hans
Reliant Technologies
+507 6781-9505
+507 202-1525
alex at rtpty.com
Skype: alexneuman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090527/caeb091d/attachment.html


More information about the MailScanner mailing list