Remove headers before MailScanner

Glenn Steen glenn.steen at gmail.com
Thu Oct 25 14:55:32 IST 2012


So why don't they just relay your domain? Or am I reading this slightly
wrong, so that you actually mean "yes, the recipients being forwarded are
in the same domain (Swiss owned) as other non-forwarded recipients, and are
aliased to our local domain, rather than being a straightforward relay"?
If that is the case, you'd need to do some hacking in MailWatch.pm to "solve"
this, as well as look at the Received: futzing in both SA and MS. Or make
the forward->relay...:-)

Cheers
-- 
-- Glenn
On 23 Oct 2012 19:36, "Dave Gattis" <mailscanner at romehosting.com> wrote:

> Forwarder (exchange) is in Switzerland.  Destination (postfix) is in USA.
> Non-related domains.
> --
> Dave Gattis
>
>
> > hmm looks like exch doing a crap job of forwarding the emails, either that
> > or it's poorly set up. My exch just forwards the emails to my local exch
> > server without all this extra cruft in the logs.
> >
> > Are these two sites part of the same AD domain or do they run some sort of
> > split design?
> >
> > --
> > Martin Hepworth, CISSP
> > Oxford, UK
> >
> >
> > On 23 October 2012 14:08, Dave Gattis <mailscanner at romehosting.com> wrote:
> >
> >> According to mailwatch, here's all the listed headers:
> >>
> >> Received: from mail1.domain1.com (mail1.domain1.com [XX.XXX.XXX.XX])
> >>       by domain1.com (Postfix) with ESMTP id D30D01C100FB
> >>       for <dave.gattis at domain2.com>; Tue, 23 Oct 2012 08:48:31 -0400 (EDT)
> >> Received: from  mail2.domain1.com ([ffff::aaaa:8888:bbbb:7777]) by
> >> mail2.domain2.com ([ffff::aaaa:8888:bbbb:7777]) with Microsoft SMTP Server id
> >> 14.01.0355.002; Tue, 23 Oct 2012 14:48:25 +0200
> >> From: Dave Gattis <dave.gattis at hotmail.com>  <-- MailScanner/MailWatch ignores this line
> >> To: Dave Gattis <dave.gattis at domain1.com>
> >> Subject: test for mailscanner group
> >> Date: Tue, 23 Oct 2012 12:48:40 +0000
> >> Message-ID: <b4339c5b9c53472eae950d4ff046d840 at mail2.domain1.com>
> >> Resent-From: <dave.gattis at domain1.com>  <-- MailScanner/MailWatch considers this line to be the sender
> >> Content-Type: multipart/alternative;
> >>       boundary="_000_b4339c5b9c53472eae950d4ff046d840mail2domain1com_"
> >> MIME-Version: 1.0
> >>
> >> MailWatch's recent messages tab displays the message like this, only in
> >> column format:
> >>
> >>
> >> Date/Time: 23/10/12 08:48:33
> >> From:      dave.gattis at domain1.com  (needs to be dave.gattis at hotmail.com)
> >> To:        dave.gattis at sdomain2.com
> >> Subject:   test for mailscanner group
> >> Size:      2.2Kb
> >> SA Score:  -1.02
> >> Status:    Clean
> >>
> >>
> >> --
> >> Dave Gattis
> >>
> >>
> >> > Mailwatch uses the "envelope-from" to display in the list.
> >> >
> >> > On 23 October 2012 12:58, Dave Gattis <mailscanner at romehosting.com> wrote:
> >> >
> >> >> Let me see if I can explain this properly:
> >> >>
> >> >> a at hotmail.com sends to b at mydomain1.com.
> >> >>
> >> >> a rule exists at mydomain1.com to redirect to c at mydomain2.com, therefore
> >> >>
> >> >> a at hotmail.com arrives safely c at mydomain2.com.
> >> >>
> >> >> When opening the email, it looks like this:
> >> >>
> >> >> From: a at hotmail.com
> >> >> To: b at mydomain1.com
> >> >>
> >> >> This is exactly what I want and works perfectly in any mail client.
> >> >>
> >> >> Unfortunately, when you look at the list of messages MailScanner has
> >> >> processed (using the MailWatch frontend), every message, no matter who
> >> >> from looks like this:
> >> >>
> >> >> From: b at mydomain1.com
> >> >> To: c at mydomain2.com
> >> >>
> >> >> This renders white/blacklisting useless, and subject lines are the only
> >> >> clues available for releasing SPAM.  When looking at the raw headers, the
> >> >> redirect is adding a "Resent-From" header which I believe is overriding
> >> >> the "From" header.
> >> >>
> >> >> No matter what is received, MailScanner is basing some of its decisions
> >> >> on the "Resent-From" address which lowers the score for all messages.
> >> >>
> >> >> This is what happens when corporations make poor decisions.
> >> >> Unfortunately, I am forced to find a workaround for it.
> >> >>
> >> >> Thanks,
> >> >> --
> >> >> Dave Gattis
> >> >>
> >> >>
> >> >> > On 22/10/2012 15:26, Dave Gattis wrote:
> >> >> >> Each message is stamped with "Resent-From" and "Return-Path" of the
> >> >> >> redirecting address.  I can strip those headers out, after MailScanner,
> >> >> >> but really need them removed before.
> >> >> >
> >> >> > Why do you really need them removed? If it's just for spamassassin, you
> >> >> > can use bayes_ignore_header in your local.cf file.
> >> >> >
> >> >> > John.
> >> >> >
> >> >> > --
> >> >> > -- Over 5000 webcams from ski resorts around the world - www.snoweye.com
> >> >> > -- Translate your technical documents and web pages    - www.tradoc.fr
> >> >> > --
> >> >> > MailScanner mailing list
> >> >> > mailscanner at lists.mailscanner.info
> >> >> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >> >> >
> >> >> > Before posting, read http://wiki.mailscanner.info/posting
> >> >> >
> >> >> > Support MailScanner development - buy the book off the website!
> >> >> >
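
Added example, not part of the original thread and not MailScanner or MailWatch code: the thread turns on three different "sender" addresses (the envelope sender that MailWatch lists, the From: header, and the Resent-From: header added by the redirect). The sketch below separates them for a constructed message and labels the redirect case; the function names and the Return-Path fallback are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the redirect described in the thread;
# every address is a placeholder.
SAMPLE = """\
Return-Path: <b@mydomain1.example>
Received: from mail1.mydomain1.example by mydomain2.example (Postfix)
From: A Sender <a@sender.example>
To: B Recipient <b@mydomain1.example>
Subject: test for mailscanner group
Resent-From: <b@mydomain1.example>

body
"""


def sender_identities(raw, envelope_from=None):
    """Return the address each layer would treat as the sender."""
    msg = message_from_string(raw)

    def addr(name):
        return parseaddr(msg.get(name, ""))[1].lower()

    # Assumption: when the MTA does not pass the envelope sender in,
    # Return-Path (written by the final MTA from MAIL FROM) stands in for it.
    envelope = (envelope_from or addr("Return-Path")).lower()
    return {"envelope": envelope, "from": addr("From"),
            "resent_from": addr("Resent-From")}


def classify(ids):
    """Label the message by how its sender addresses relate."""
    if ids["resent_from"] and ids["resent_from"] == ids["envelope"] \
            and ids["envelope"] != ids["from"]:
        return "redirected"  # forwarder owns the envelope, author is in From:
    if ids["envelope"] != ids["from"]:
        return "mismatch"    # list, bounce address or forged From:
    return "direct"


def display_sender(ids):
    """Address to show an operator reviewing the message list.

    From: is unauthenticated, so treat this as a display aid for triage,
    not as proof of origin.
    """
    return ids["from"] if classify(ids) == "redirected" else ids["envelope"]
```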