{Disarmed} RE: Watermarking, checking bounced mail with sender address

Julian Field MailScanner at ecs.soton.ac.uk
Thu Jul 8 10:13:59 IST 2010


Do remember that you can test the output of your rulesets for specific 
addresses and so on.
Run "MailScanner --help" and it will print the usage for you, which 
includes a tool for printing the result of a configuration setting.

Jules.

On 08/07/2010 10:01, ACHA | Cor van den Berghe wrote:
>
> Hmm…. now that you mention it… It should be after MailScanner checked 
> it, but it looks like they were skipped.
> I'll check the configuration for any rules that might explain why they 
> were not checked
> Thanks!
>
> From: maxsec at gmail.com [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Martin Hepworth
> Sent: donderdag 8 juli 2010 10:50
> To: MailScanner discussion
> Subject: Re: Watermarking, checking bounced mail with sender address
>
> Hi
>
> are these headers before or after mailscanner should have checked the 
> message? If it's after then I see indication that mailscanner has 
> scanned the message as there are no X-Mailscanner headers.
>
> On 8 July 2010 09:40, ACHA | Cor van den Berghe <cbe at acha.nl> wrote:
>
> Sorry that I didn't make it clear enough.
>
> I was under the impression that MailScanner does 2 checks before it 
> checks the watermark:
> 1. check if the mail has no sender
> 2. check if the mail is bounced
>
> If these 2 conditions are true then MailScanner checks the watermark.
>
> When I check the mail that has been processed by MailScanner I find 
> that some messages which have no sender are marked as spam because 
> MailScanner checked the watermark. On other bounced messages, which do 
> have a sender address, the watermark is not checked.
>
> Below is a header of a bounced message which was not marked as spam 
> and was not sent to the person who got the error message
>
> ----------------------------
> Return-Path: <?g>
> Received: from 75-44-14-134.hadlaw.com (75-44-14-134.hadlaw.com [75.44.14.134] (may be forged))
>     by standic-ls.standic.lan (8.13.8/8.13.8) with ESMTP id o67FlPaf022789
>     for <kruining at fakecompany.com>; Wed, 7 Jul 2010 17:47:26 +0200
> Received: from 75.44.14.134 (*MailScanner warning: numerical links are often malicious:* 75.44.14.134:87288)
>     by rmwlaw.com.inbound15.mxlogic.net (envelope-from <drollnessnpr76 at rmwlaw.com>)
>     (ecelerity 2.2.2.45 r(34067)) with ECSTREAM
>     id 41/73-73224-F30ZP2Q6; Wed, 7 Jul 2010 11:47:06 -0500
> X-Facebook: from HADXP6 ([LBX2RvMgJV5q])
>     by www.facebook.com with HTTP (ZuckMail);
> Date: Wed, 7 Jul 2010 11:47:06 -0500
> To: kruining at fakecompany.com
> From: <postmaster at fakecompany.com>
> Reply-to: drollnessnpr76 at rmwlaw.com
> Subject: Delivery Status Notification (Failure)
> Message-ID: 47B7B9EDAC6340DE905D63D452E09AC6 at HADXP6
> X-Priority: 3
> X-Mailer: ZuckMail [version 1.00]
> X-Facebook-Notify: password_reset; mailid=
> Errors-To: drollnessnpr76 at rmwlaw.com
> X-FACEBOOK-PRIORITY: 1
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="----------4B7BE4D399338AA1"
> --------------------------------------------------
>
> Again please forgive me if I can't make it more clear but English is 
> not my native language
>
> Regards,
> Cor.
>
>
>
>
> -----Original Message-----
> From: MailScanner at ecs.soton.ac.uk [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Julian Field
> Sent: donderdag 8 juli 2010 10:18
> To: MailScanner discussion
> Subject: Re: Watermarking, checking bounced mail with sender address
>
> Do you mean the From: address or the envelope sender address?
> MailScanner does nothing with the From: address.
>
> On 08/07/2010 07:27, ACHA | Cor van den Berghe wrote:
> > Hi all,
> >
> > As I understand it MailScanner only checks the watermark on bounced email with no sender address. Is it somehow possible to have MailScanner check the watermark on all bounced email?
> > Lately I get a lot of backscatter mail that have a From: address and I have no idea how to stop it
> > Thanks for any help you can give me
> >
> > Regards,
> > Cor van den Berghe
> >
> >
>
> Jules
>
> --
> Julian Field MEng CITP CEng
>
>
>
> -- 
> Martin Hepworth
> Oxford, UK
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner
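
Added example, not part of the original thread and not MailScanner code: a small header triage that separates the three things discussed above (envelope sender as recorded in Return-Path, the From: header, and whether any MailScanner header is present) for a message like the one Cor posted. The sample is constructed from the quoted header; the bounce heuristic and the assumption that scan header names contain "MailScanner" are illustrative only.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: trimmed from the header quoted in the thread, with the
# archive's "at" obfuscation undone so the addresses parse.
SAMPLE = (
    "Return-Path: <?g>\n"
    "Received: from 75-44-14-134.hadlaw.com ([75.44.14.134] (may be forged))\n"
    "\tby standic-ls.standic.lan (8.13.8/8.13.8) with ESMTP id o67FlPaf022789\n"
    "To: kruining@fakecompany.com\n"
    "From: <postmaster@fakecompany.com>\n"
    "Subject: Delivery Status Notification (Failure)\n"
    "\n"
    "body\n"
)

BOUNCE_LOCALPARTS = {"postmaster", "mailer-daemon"}  # assumed heuristic

def triage(raw):
    msg = message_from_string(raw)
    # Return-Path records the envelope sender; a genuine DSN carries "<>".
    rp = msg.get("Return-Path")
    rp = rp.strip() if rp is not None else None
    null_sender = rp == "<>"
    # From: is only a header and says nothing about the envelope sender.
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    subject = msg.get("Subject", "").lower()
    looks_like_bounce = (
        header_from.split("@")[0] in BOUNCE_LOCALPARTS
        or "delivery status notification" in subject
    )
    # Assumption: the site's scan headers contain "MailScanner" in their name.
    scanned = any("mailscanner" in name.lower() for name in msg.keys())
    if looks_like_bounce and null_sender:
        verdict = "null-sender bounce"
    elif looks_like_bounce:
        verdict = "bounce-like, non-null envelope sender"
    else:
        verdict = "ordinary mail"
    return {"return_path": rp, "null_sender": null_sender,
            "header_from": header_from, "looks_like_bounce": looks_like_bounce,
            "scanned": scanned, "verdict": verdict}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
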

