MailScanner Deficiency: Multi-Ruleset Processing per Email Recipient

Martin Hepworth maxsec at
Fri Jul 11 14:49:04 IST 2014

Might want to also consider having a more flexible approach as Alex had
Will also help with some of the hardware requirements as you can also
reject non-valid recipients at MTA as well as splitting the emails up, so
the core MailScanner farm has less to do.

Martin Hepworth, CISSP
Oxford, UK

On 11 July 2014 09:51, Sam Gelbart <samg at> wrote:

> Hi All,
> We at SYNAQ use and have used Mailscanner for many years. As an Email
> Hygiene provider MailScanner has served us very well.
> However, as we have grown (very rapidly in the past 6 months, to many more
> customer domains) we have noticed some deficiencies in MailScanner.
> Below is a brief description covering our problem areas:
> Overview
> The issue has arisen due to SYNAQ's ever growing client base and the fact
> that we're provisioning more and more customers (and email domains) on our
> hygiene platform, and that more than one of these customer
> recipients/domains (and their applicable rulesets) are being addressed in
> the same email.
> Problem 1
> 1) and are both provisioned on our platform.
> 2) has quarantining of SPAM configured, while does
> not.
> 3) Mailscanner accepts the message for processing but "chooses"
> user at and as the Message's "to_address" and
> "to_domain".
> 4) MailScanner determines that the message is SPAM and because it has
> "chosen" as the email domain it deletes the message as the
> configured spam action for @abc.coz.a is to delete.
> 5) However the rule for is to store/quarantine spam. This does
> not happen because of the actions above and data is also never logged via
> MailWatch.
> 6) The example above is a based on very simple scenario, and as you are
> aware this applies to many more complex rulesets (size, File Type etc)
> across the system.
> Problem 2
> 1) and are both provisioned on our platform.
> 2) A third party emails both user at and user at in a
> single email message.
> 3) Mailscanner accepts the message for processing but "chooses"
> user at and as the Message's "to_address" and
> "to_domain".
> 4) When the message is processed, the script receives a
> message object for SQL logging with data only for user at and
>; is never logged.
> Finally we have considered splitting incoming messages by recipient at an
> MTA level to address this problem, but our calculations show that it would
> require 3.5x more hardware to process this increased mail load. So for us a
> MailsScanner solution is ideal.
> Based on the above, could you tell me if there is anything that can be
> done from a MailScanner community point of view to help develop MailScanner
> functionality to address these issues?
> We'd be very happy to give a nice donation for a fix or patch.
> Also if the community has any ideas on other ways we can remedy this
> problem we welcome your feedback.
> Thanks and regards,
> Sam Gelbart
> --
> MailScanner mailing list
> mailscanner at
> Before posting, read
> Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the MailScanner mailing list