Scan Messages = %rules-dir%/scan.messages.rules

Martin Hepworth maxsec at gmail.com
Thu May 23 10:20:10 IST 2013


I'd suggest the scan.messages.rules be amended to cope with the IP address
of the MailMan server. Otherwise anyone faking the from address is going to
sail straight past your email scanning.

-- 
Martin Hepworth, CISSP
Oxford, UK


On 22 May 2013 22:42, Robert Lopez <rlopezcnm at gmail.com> wrote:

> On Wed, May 22, 2013 at 12:28 PM, Steve Campbell <campbell at cnpapers.com>
> wrote:
> > Perhaps you should send us the "Scan Messages" line from your
> > MailScanner.conf file and what you have in your file that is pointed to
> > by the line above.
> >
> > Have you restarted or reloaded MS since you changed the file?
> >
> > Depending on what you have in that line and file, you probably shouldn't
> > be seeing those lines in your mail log.
> >
> > steve campbell
>
> The situation I am trying to understand is email being scanned by
> SpamAssassin when I thought I had all the systems configured to not
> scan the email at all.
>
> Email generated by an office where the persons use Outlook to compose
> email goes to an Exchange server and it is then relayed to an email
> gateway. These emails are from CNM_Official_Info at cnm.edu to
> students at cnm.edu. The email gateway relays the email to a Mailman
> ($ postmap -q students /etc/postfix/virtualaliases -> students at listserv)
> server.
>
> Mailman then sends the message to all the students who are members of
> the students list.  So each student has a copy generated that is from
> students-bounces at cnm.edu to <individual-student>@cnm.edu which is sent
> back to the email gateways.
>
> A Postfix rewrite via a virtualaliases map sends each email from
> students-bounces at cnm.edu to <individual-student>@...gmail.com.
>
> MailScanner.conf and conf.d/CNM-MailScanner.conf (newest gateway)
> all have "Scan Messages = %rules-dir%/scan.messages.rules".
> I had put both 'From' in scan.messages.rules:
>
> From:  students-bounces at cnm.edu  no
> From:  cnm_official_info at cnm.edu no    #This is not a case match to original
>
> This directive and data file have been working for years.
> However yesterday I noticed the email in this case (students list)
> do get a SpamAssassin score and my thinking is this should not be
> happening.
>
> Each email has a line such as this example:
>
> May 20 12:55:08 mg04 MailScanner[11127]: Message 55370642025.7712B
> from 198.133.182.29 () to cnm.edu is not spam, SpamAssassin (not
> cached, score=-1.699, required 6, autolearn=disabled, CNM_EXCUSE 0.30,
> CNM_FROM -1.00, CNM_ITS -1.00, HTML_MESSAGE 0.00)
>
> There has been no recent change to any of these files. MailScanner is
> always restarted or reloaded whenever any configuration file is modified.
> In fact, the scripts to modify any component and copy them to the gateways
> do the force-reload and test ($?) to see the return status.
>
> --
> Robert Lopez
> Unix Systems Administrator
> Central New Mexico Community College (CNM)
> 525 Buena Vista SE
> Albuquerque, New Mexico 87106
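
The point made in the reply at the top of this message, as an added example that is not part of the original thread and is not MailScanner's own code: a simplified first-match model of a "Scan Messages" ruleset, comparing a rule keyed on the envelope sender with one keyed on the connecting IP address. The address 192.0.2.10 is a placeholder for the Mailman server (the thread does not give it), 203.0.113.77 is a constructed outside host, and the function names are hypothetical.

```python
import ipaddress
from fnmatch import fnmatchcase

# Constructed rulesets. 192.0.2.10 is a placeholder for the Mailman server's
# address, which the thread does not give.
ADDRESS_RULES = """
From:      students-bounces@cnm.edu  no
FromOrTo:  default                   yes
"""
IP_RULES = """
From:      192.0.2.10                no
FromOrTo:  default                   yes
"""

def parse(text):
    """Return (direction, pattern, value) tuples, ignoring comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            direction, pattern, value = line.split()
            rules.append((direction.rstrip(":").lower(), pattern.lower(), value))
    return rules

def matches(pattern, address, client_ip=None):
    """Match an address glob, or an IP/CIDR pattern against the client IP."""
    if pattern == "default":
        return True
    try:
        network = ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return fnmatchcase(address.lower(), pattern)
    return client_ip is not None and ipaddress.ip_address(client_ip) in network

def scan_messages(rules, sender, recipient, client_ip):
    """First matching rule wins; returns 'yes' (scan) or 'no' (skip)."""
    for direction, pattern, value in rules:
        if direction in ("from", "fromorto") and matches(pattern, sender, client_ip):
            return value
        if direction in ("to", "fromorto") and matches(pattern, recipient):
            return value
    return "yes"  # this model's fallback when no rule matches: scan
# Constructed messages: same envelope sender, different connecting hosts.
LIST_MAIL = ("students-bounces@cnm.edu", "student1@cnm.edu", "192.0.2.10")
FORGED = ("students-bounces@cnm.edu", "student1@cnm.edu", "203.0.113.77")

if __name__ == "__main__":
    for text in (ADDRESS_RULES, IP_RULES):
        print([scan_messages(parse(text), *m) for m in (LIST_MAIL, FORGED)])
```

With the address-keyed rule both messages skip scanning; with the IP-keyed rule only the message arriving from the placeholder Mailman address does.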