Remove headers before MailScanner

Dave Gattis mailscanner at romehosting.com
Tue Oct 23 18:11:21 IST 2012


Forwarder (exchange) is in Switzerland.  Destination (postfix) is in USA. 
Non-related domains.
-- 
Dave Gattis


> Hmm, looks like exch doing a crap job of forwarding the emails, either that
> or it's poorly set up. My exch just forwards the emails to my local exch
> server without all this extra cruft in the logs.
>
> Are these two sites part of the same AD domain or do they run some sort of
> split design?
>
> --
> Martin Hepworth, CISSP
> Oxford, UK
>
>
> On 23 October 2012 14:08, Dave Gattis <mailscanner at romehosting.com> wrote:
>
>> According to mailwatch, here's all the listed headers:
>>
>> Received: from mail1.domain1.com (mail1.domain1.com [XX.XXX.XXX.XX])
>>       by domain1.com (Postfix) with ESMTP id D30D01C100FB
>>       for <dave.gattis at domain2.com>; Tue, 23 Oct 2012 08:48:31 -0400 (EDT)
>> Received: from  mail2.domain1.com ([ffff::aaaa:8888:bbbb:7777]) by
>>       mail2.domain2.com ([ffff::aaaa:8888:bbbb:7777]) with Microsoft SMTP Server id
>>       14.01.0355.002; Tue, 23 Oct 2012 14:48:25 +0200
>> From: Dave Gattis <dave.gattis at hotmail.com>  <-- MailScanner/MailWatch ignores this line
>> To: Dave Gattis <dave.gattis at domain1.com>
>> Subject: test for mailscanner group
>> Date: Tue, 23 Oct 2012 12:48:40 +0000
>> Message-ID: <b4339c5b9c53472eae950d4ff046d840 at mail2.domain1.com>
>> Resent-From: <dave.gattis at domain1.com>  <-- MailScanner/MailWatch considers this line to be the sender
>> Content-Type: multipart/alternative;
>>       boundary="_000_b4339c5b9c53472eae950d4ff046d840mail2domain1com_"
>> MIME-Version: 1.0
>>
>> MailWatch's recent messages tab displays the message like this, only in
>> column format:
>>
>>
>> Date/Time:
>> 23/10/12
>> 08:48:33
>>
>> From:
>> dave.gattis at domain1.com  (needs to be dave.gattis at hotmail.com)
>>
>> To:
>> dave.gattis at sdomain2.com
>>
>> Subject:
>> test for mailscanner group
>>
>> Size
>> 2.2Kb
>>
>> SA Score
>> -1.02
>>
>> Status
>> Clean
>>
>>
>> --
>> Dave Gattis
>>
>>
>> > Mailwatch uses the "envelope-from" to display in the list.
>> >
>> > On 23 October 2012 12:58, Dave Gattis <mailscanner at romehosting.com> wrote:
>> >
>> >> Let me see if I can explain this properly:
>> >>
>> >> a at hotmail.com sends to b at mydomain1.com.
>> >>
>> >> a rule exists at mydomain1.com to redirect to c at mydomain2.com, therefore
>> >>
>> >> a at hotmail.com arrives safely c at mydomain2.com.
>> >>
>> >> When opening the email, it looks like this:
>> >>
>> >> From: a at hotmail.com
>> >> To: b at mydomain1.com
>> >>
>> >> This is exactly what I want and works perfectly in any mail client.
>> >>
>> >> Unfortunately, when you look at the list of messages MailScanner has
>> >> processed (using the MailWatch frontend), every message, no matter who
>> >> from looks like this:
>> >>
>> >> From: b at mydomain1.com
>> >> To: c at mydomain2.com
>> >>
>> >> This renders white/blacklisting useless, and subject lines are the only
>> >> clues available for releasing SPAM.  When looking at the raw headers, the
>> >> redirect is adding a "Resent-From" header which I believe is overriding
>> >> the "From" header.
>> >>
>> >> No matter what is received, MailScanner is basing some of its decisions
>> >> on the "Resent-From" address which lowers the score for all messages.
>> >>
>> >> This is what happens when corporations make poor decisions.
>> >> Unfortunately, I am forced to find a workaround for it.
>> >>
>> >> Thanks,
>> >> --
>> >> Dave Gattis
>> >>
>> >>
>> >> > Le 22/10/2012 15:26, Dave Gattis a écrit :
>> >> >> Each message is stamped with "Resent-From" and "Return-Path" of the
>> >> >> redirecting address.  I can strip those headers out, after MailScanner,
>> >> >> but really need them removed before.
>> >> >
>> >> > Why do you really need them removed? If it's just for spamassassin, you
>> >> > can use bayes_ignore_header in your local.cf file.
>> >> >
>> >> > John.
>> >> >
>> >> > --
>> >> > -- Over 5000 webcams from ski resorts around the world - www.snoweye.com
>> >> > -- Translate your technical documents and web pages    - www.tradoc.fr
>> >> > --
>> >> > MailScanner mailing list
>> >> > mailscanner at lists.mailscanner.info
>> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >> >
>> >> > Before posting, read http://wiki.mailscanner.info/posting
>> >> >
>> >> > Support MailScanner development - buy the book off the website!
>> >> >
>> >>
>> >>
>> >>
>> >
>>
>>
>>
>
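
The three sender identities discussed in this thread (envelope sender, header From, Resent-From), as an added example that is not part of the original messages: the Python sketch below parses a constructed message modelled on the quoted headers and shows why a list keyed on the envelope sender never sees the original author once a redirect rewrites it. All addresses, hosts and function names are placeholders chosen for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the redirected message quoted in the thread.
# Every address and host is a placeholder, not a value from the page.
SAMPLE = """\
Return-Path: <b@mydomain1.example>
Received: from mail1.mydomain1.example (mail1.mydomain1.example [192.0.2.10])
\tby mx.mydomain2.example (Postfix) with ESMTP id 0000000000
\tfor <c@mydomain2.example>; Tue, 23 Oct 2012 08:48:31 -0400 (EDT)
From: A Sender <a@sender.example>
To: B User <b@mydomain1.example>
Subject: test
Resent-From: <b@mydomain1.example>
MIME-Version: 1.0

body
"""


def _addr(value):
    """Bare lower-cased address from a header value, or None if absent."""
    return parseaddr(value or "")[1].lower() or None


def sender_views(raw, envelope_from=None):
    """Collect each sender identity a filter or front end could key on."""
    msg = message_from_string(raw)
    author = _addr(msg["From"])
    resent = _addr(msg["Resent-From"])
    return {
        # MAIL FROM if the caller has it, else what delivery wrote to Return-Path
        "envelope_from": _addr(envelope_from) or _addr(msg["Return-Path"]),
        "header_from": author,
        "resent_from": resent,
        "redirected": resent is not None and resent != author,
    }


def list_hits(views, listed):
    """Which identities match a white/blacklist (a set of bare addresses)."""
    return {k: views[k] in listed
            for k in ("envelope_from", "header_from", "resent_from")}


if __name__ == "__main__":
    v = sender_views(SAMPLE)
    print(v)
    print(list_hits(v, {"a@sender.example"}))
```

Listing the redirecting address instead matches every message that passes through the redirect, whoever wrote it, which is the other half of the problem described in the thread.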



