Scan Messages = %rules-dir%/scan.messages.rules

Robert Lopez rlopezcnm at gmail.com
Wed May 22 18:45:17 IST 2013


On Wed, May 22, 2013 at 2:20 AM, Martin Hepworth <maxsec at gmail.com> wrote:
>
> 1) nope, email addresses are not case sensitive.
> 2) Envelope, MS always uses the Envelope-from in from parsing.
> 3) this is the 'big knob' that tells whether MailScanner scans the email or
> not. Way before it's passed to SA, anti-virus or checked by mailScanner
> again RBLS (independently of SA). etc. Be very careful with setting as it's
> basically sending email through with zero scanning. Might want to look at
> the the "Is definitely Not spam" setting. Normally this is only used for
> trusted ip-addresses not email 'from' addresses.
>
> hope that helps
>
> --
> Martin Hepworth, CISSP
> Oxford, UK
>
>
> On 22 May 2013 02:18, Robert Lopez <rlopezcnm at gmail.com> wrote:
>>
>> wrt "Scan Messages = %rules-dir%/scan.messages.rules"
>>
>> Three questions:
>>
>> 1) Does MailScanner do a case sensitive match when
>> scan.messages.rules file is used?
>>
>> 2) Which "From:" does scan.messages.rules use (Envelope or Email Body)?
>>
>> 3) Does MailScanner directly implement the match and action or is this
>> passed to SpamAssassin to do the match and action?
>>
>> --
>> Robert Lopez
>> Unix Systems Administrator
>> Central New Mexico Community College (CNM)
>> 525 Buena Vista SE
>> Albuquerque, New Mexico 87106
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

Martin,

Please clarify to which rule "Normally this" refers.
I believe you are stating "Is definitely Not spam" is only used for
trusted ip-addresses not email 'from' addresses.

The situation I am trying to understand is email being scanned by
SpamAssassin when I thought
I had the system configured to not scan the email at all.

May 20 12:55:08 mg04 MailScanner[11127]: Message 55370642025.7712B
from 198.133.182.29 () to cnm.edu
is not spam, SpamAssassin (not cached, score=-1.699, required 6,
autolearn=disabled, CNM_EXCUSE 0.30,
CNM_FROM -1.00, CNM_ITS -1.00, HTML_MESSAGE 0.00)

--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106


More information about the MailScanner mailing list