MailScanner Deficiency: Multi-Ruleset Processing per Email Recipient

Sam Gelbart samg at synaq.com
Fri Jul 11 09:51:06 IST 2014 

Hi All, 

We at SYNAQ use and have used Mailscanner for many years. As an Email Hygiene provider MailScanner has served us very well.
However, as we have grown (very rapidly in the past 6 months, to many more customer domains) we have noticed some deficiencies in MailScanner. 

Below is a brief description covering our problem areas: 

Overview 
The issue has arisen due to SYNAQ's ever growing client base and the fact that we're provisioning more and more customers (and email domains) on our hygiene platform, and that more than one of these customer recipients/domains (and their applicable rulesets) are being addressed in the same email. 

Problem 1 
1) abc.co.za and xyz.co.za are both provisioned on our platform. 
2) abc.co.za has quarantining of SPAM configured, while xyz.co.za does not. 
3) Mailscanner accepts the message for processing but "chooses" user at abc.co.za and abc.co.za as the Message's "to_address" and "to_domain". 
4) MailScanner determines that the message is SPAM and because it has "chosen" @abc.co.za as the email domain it deletes the message as the configured spam action for @abc.coz.a is to delete. 
5) However the rule for xyz.co.za is to store/quarantine spam. This does not happen because of the actions above and data is also never logged via MailWatch. 
6) The example above is a based on very simple scenario, and as you are aware this applies to many more complex rulesets (size, File Type etc) across the system.

Problem 2 
1) abc.co.za and xyz.co.za are both provisioned on our platform. 
2) A third party emails both user at abc.co.za and user at xyz.co.za in a single email message. 
3) Mailscanner accepts the message for processing but "chooses" user at abc.co.za and abc.co.za as the Message's "to_address" and "to_domain". 
4) When the message is processed, the MailWatch.pm script receives a message object for SQL logging with data only for user at abc.co.za and abc.co.za; xyz.co.za is never logged. 

Finally we have considered splitting incoming messages by recipient at an MTA level to address this problem, but our calculations show that it would require 3.5x more hardware to process this increased mail load. So for us a MailsScanner solution is ideal.

Based on the above, could you tell me if there is anything that can be done from a MailScanner community point of view to help develop MailScanner functionality to address these issues? 
We'd be very happy to give a nice donation for a fix or patch.

Also if the community has any ideas on other ways we can remedy this problem we welcome your feedback. 

Thanks and regards, 

Sam Gelbart
SYNAQ

More information about the MailScanner mailing list