Scan Messages = %rules-dir%/scan.messages.rules

Glenn Steen glenn.steen at gmail.com
Fri May 24 10:07:08 IST 2013


Hello Robert,

On 24 May 2013 00:58, Robert Lopez <rlopezcnm at gmail.com> wrote:
> On Thu, May 23, 2013 at 8:05 AM, Glenn Steen <glenn.steen at gmail.com> wrote:
>> Hello Robert,
>>
>> Two things come to mind:
>> 1) Go look in the logs (on the MailScanner host) again... Track one of
>> the messages that shouldn't have been scanned to see the actual
>> envelope sender and recipient(s)... Do they match what you have there?
>> 2) Use the eminent inbuilt ruleset checking capabilities of the
>> MailScanner command to check what will actually happen... Do
>> "MailScanner --help" to see the possible things you can do... Then do
>> something like:
>> MailScanner --value=scanmessages --from=students-bounces at cnm.edu
>> to see what the effect would be.
>>
>> I use the Scan Messages setting to do a blanket whitelist for
>> releasing from localhost, so ... Here's an example (run as the postfix
>> user):
>> -bash-3.2$ /usr/sbin/MailScanner --value=scanmessages
>> --from=tony.irving at nowhere.com --to=glenn.steen at ap1.se --ip=127.0.0.1
>> Looked up internal option name "scanmail"
>> With sender = tony.irving at nowhere.com
>>   recipient = glenn.steen at ap1.se
>> Client IP = 127.0.0.1
>> Virus =
>> Result is "0"
>>
>> 0=No 1=Yes
>> -bash-3.2$ /usr/sbin/MailScanner --value=scanmessages
>> --from=tony.irving at nowhere.com --to=glenn.steen at ap1.se --ip=127.0.0.2
>> Looked up internal option name "scanmail"
>> With sender = tony.irving at nowhere.com
>>   recipient = glenn.steen at ap1.se
>> Client IP = 127.0.0.2
>> Virus =
>> Result is "1"
>>
>> 0=No 1=Yes
>> -bash-3.2$
>>
>> You should probably do both the above suggestions:-).
>> Cheers!
>> --
>> -- Glenn
>> email: glenn < dot > steen < at > gmail < dot > com
>> work: glenn < dot > steen < at > ap1 < dot > se
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>
> Glenn,
>
> 1) You nailed it!  Out of the >100,000 email some of them to Gmail
> bounced back. It was the last step of the bounceback after the return
> to Mailman and on way to Exchange (the original sender) that was
> scanned. The bounce back messages were the ones that were scanned and
> logged. That becomes an separate problem to address.
Ah, good!
Or not:-). Handling bounces "correctly" is a pain:-)

> 2) If you write a book on MailScanner I will buy it.  All your advice
> is very good. You opened my mind to features I never considered.
> Now I see a faster way to determine how to take Martin's advice to
> "cope with the IP address of the Mailman server"
*Blush* You are too kind:-)
It's very unlikely I'll ever get the time to even write anything more
on the wiki, let alone a book (I work in a very small/slim
organization, where I do ... everything... that has anything remotely
to do with computers. About 4 years ago the situation went from bad to
worse, when we did a "right-sizing" from hell)...

Besides, Jules already wrote The Book on MailScanner;-)

Cheers!
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se


More information about the MailScanner mailing list