watermark ruleset not firing

donald.dawson at bakerbotts.com donald.dawson at bakerbotts.com
Fri Apr 22 20:58:04 IST 2011 

I have created a watermark ruleset to do 'nothing' for specific mail
servers.  The entries are not matching.

I created watermark.rules in /etc/MailScanner/rules:

From:   copweed01.morganlewis.com nothing
From:   copweed02.morganlewis.com nothing
From:   cppweed01.morganlewis.com nothing
From:   12.53.161.110   nothing
From:   12.53.161.111   nothing
From:   12.155.22.28    nothing
FromOrTo:       default         3

Here are my watermark rules in my custom configuration file in
/etc/MailScanner/conf.d:

Use Watermarking = yes
Treat Invalid Watermarks With No Sender as Spam =
%rules-dir%/watermark.rules

What am I missing?

An example email that should have been excluded from the watermark
check:

Received: from copweed01.morganlewis.com (copweed01.morganlewis.com
[12.53.161.110])
	by alnmx01.bakerbotts.com (8.14.2/8.14.2) with ESMTP id
p3MFaCwj012804;
	Fri, 22 Apr 2011 10:36:19 -0500
Resent-Date: Fri, 22 Apr 2011 10:36:12 -0500
Resent-Message-Id: <201104221536.p3MFaCwj012804 at alnmx01.bakerbotts.com>
Received: from [10.242.132.22] by copweed01.morganlewis.com with ESMTP (
SMTP Relay (Email Firewall v6.5)); Fri, 22 Apr 2011 11:44:04 -0400
X-Server-Uuid: D6191EAF-0F04-49FC-A864-79434BF09F09
Resent-From: FractusJointDefenseGroup at morganlewis.com
Received: from copweed02.morganlewis.com (12.53.161.111) by
copexht02.morganlewis.net (10.242.132.22) with Microsoft SMTP Server id
8.2.254.0; Fri, 22 Apr 2011 11:36:05 -0400
Received: from [64.18.3.44] by copweed02.morganlewis.com over TLS
secured channel with ESMTP (SMTP Relay (Email Firewall v6.5)); Fri, 22
Apr 2011 11:46:52 -0400
X-Server-Uuid: D70207A0-A86D-4D47-8AAC-CD3A36FFCB7C
Received: from smtp1.atlantech.net ([209.183.192.110]) (using TLSv1) by
exprod8mx253.postini.com ([64.18.7.10]) with SMTP; Fri, 22 Apr 2011
 08:35:59 PDT
X-IronPort-AV: E=Sophos;i="4.64,254,1301889600";
d="scan'208,217";a="71729624"
Received: from ea.c3bccf.client.atlantech.net (HELO park-law.com) (
 [207.188.195.234]) by smtp1.atlantech.net with ESMTP/TLS/RC4-MD5; 22
Apr 2011 11:35:57 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Subject: RE: Fractus v. Samsung et al.
Date: Fri, 22 Apr 2011 11:36:02 -0400
Message-ID: <FA11762A28C4274E93B8D81A05917A0FA9E1AC at east.park-law.local>
In-Reply-To:
<D758CC4FAD3978498639789C594949A81373C28F15 at COPXCMS03.morganlewis.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Fractus v. Samsung et al.
thread-index: AcwAWNpB/cHvfz5ZSP+zULMZz2qU/QApx4ZAAAC+Y7A=
From: "Nathan H. Cristler" <NCristler at park-law.com>
To: "Busby, Robert W." <rbusby at morganlewis.com>,
        "Fractus Joint Defense Group"
<FractusJointDefenseGroup at morganlewis.com>,
        "fractus-mofo.com" <fractus at mofo.com>
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S:99.90000/99.90000 CV:99.9000 FC:95.5390 LC: 0.1839
 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-WSS-ID: 61AF7D612YK55634622-01-01
X-EMS-Proccessed: Q/C4TKuMQud1ZsPcuJv0Lg==
X-EMS-STAMP: oGRTyRFNCl8T0TguFL2xvw==
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-WSS-ID: 61AF7DCE2X07647132-02-01
Content-Type: multipart/alternative;
 boundary="----_=_NextPart_001_01CC0102.F8A39818"
X-BakerBotts-MailScanner-Information: Please contact Baker Botts IT Help
Desk for more information
X-BakerBotts-MailScanner-ID: p3MFaCwj012804
X-BakerBotts-MailScanner: Found to be clean
X-BakerBotts-MailScanner-SpamCheck: spam (no watermark or sender
address),
	SpamAssassin (not cached, score=-1.099, required 5,
	autolearn=not spam, BAYES_00 -0.40, HTML_MESSAGE 0.00,
	RCVD_IN_DNSWL_LOW -0.70)
X-BakerBotts-MailScanner-SpamScore: sssssss
X-BakerBotts-MailScanner-From: 
X-BakerBotts-MailScanner-Watermark:
1304091382.4845 at Or22gDB9+IlOGwIUABHy9g
X-Spam-Status: Yes


Donald Dawson
Security Administrator
Baker Botts L.L.P.
One Shell Plaza
910 Louisiana
Houston, TX 77002
W: 713-229-2183


Confidentiality Notice: The information contained in this email and any attachments is intended only for the recipient[s] listed above and may be privileged and confidential. Any dissemination, copying, or use of or reliance upon such information by or to anyone other than the recipient[s] listed above is prohibited. If you have received this message in error, please notify the sender immediately at the email address above and destroy any and all copies of this message.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110422/4a3e142f/attachment.html

More information about the MailScanner mailing list