Scan Messages = %rules-dir%/scan.messages.rules

Thu May 23 23:58:26 IST 2013

On Thu, May 23, 2013 at 8:05 AM, Glenn Steen <glenn.steen at gmail.com> wrote:
> Hello Robert,
>
> Two things come to mind:
> 1) Go look in the logs (on the MailScanner host) again... Track one of
> the messages that shouldn't have been scanned to see the actual
> envelope sender and recipient(s)... Do they match what you have there?
> 2) Use the eminent inbuilt ruleset checking capabilities of the
> MailScanner command to check what will actually happen... Do
> "MailScanner --help" to see the possible things you can do... Then do
> something like:
> MailScanner --value=scanmessages --from=students-bounces at cnm.edu
> to see what the effect would be.
>
> I use the Scan Messages setting to do a blanket whitelist for
> releasing from localhost, so ... Here's an example (run as the postfix
> user):
> -bash-3.2$ /usr/sbin/MailScanner --value=scanmessages
> --from=tony.irving at nowhere.com --to=glenn.steen at ap1.se --ip=127.0.0.1
> Looked up internal option name "scanmail"
> With sender = tony.irving at nowhere.com
>   recipient = glenn.steen at ap1.se
> Client IP = 127.0.0.1
> Virus =
> Result is "0"
>
> 0=No 1=Yes
> -bash-3.2$ /usr/sbin/MailScanner --value=scanmessages
> --from=tony.irving at nowhere.com --to=glenn.steen at ap1.se --ip=127.0.0.2
> Looked up internal option name "scanmail"
> With sender = tony.irving at nowhere.com
>   recipient = glenn.steen at ap1.se
> Client IP = 127.0.0.2
> Virus =
> Result is "1"
>
> 0=No 1=Yes
> -bash-3.2$
>
> You should probably do both the above suggestions:-).
> Cheers!
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

Glenn,

1) You nailed it!  Out of the >100,000 email some of them to Gmail
bounced back. It was the last step of the bounceback after the return
to Mailman and on way to Exchange (the original sender) that was
scanned. The bounce back messages were the ones that were scanned and
logged. That becomes an separate problem to address.

2) If you write a book on MailScanner I will buy it.  All your advice
is very good. You opened my mind to features I never considered.
Now I see a faster way to determine how to take Martin's advice to
"cope with the IP address of the Mailman server"

--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106