MailScanner Deficiency: Multi-Ruleset Processing per Email Recipient

Martin Hepworth maxsec at gmail.com
Fri Jul 11 14:49:04 IST 2014


Might want to also consider having a more flexible approach as Alex had
mentioned.
Will also help with some of the hardware requirements as you can also
reject non-valid recipients at MTA as well as splitting the emails up, so
the core MailScanner farm has less to do.

-- 
Martin Hepworth, CISSP
Oxford, UK


On 11 July 2014 09:51, Sam Gelbart <samg at synaq.com> wrote:

> Hi All,
>
> We at SYNAQ use and have used MailScanner for many years. As an Email
> Hygiene provider MailScanner has served us very well.
> However, as we have grown (very rapidly in the past 6 months, to many more
> customer domains) we have noticed some deficiencies in MailScanner.
>
> Below is a brief description covering our problem areas:
>
> Overview
> The issue has arisen due to SYNAQ's ever growing client base and the fact
> that we're provisioning more and more customers (and email domains) on our
> hygiene platform, and that more than one of these customer
> recipients/domains (and their applicable rulesets) are being addressed in
> the same email.
>
> Problem 1
> 1) abc.co.za and xyz.co.za are both provisioned on our platform.
> 2) abc.co.za has quarantining of SPAM configured, while xyz.co.za does
> not.
> 3) MailScanner accepts the message for processing but "chooses"
> user at abc.co.za and abc.co.za as the Message's "to_address" and
> "to_domain".
> 4) MailScanner determines that the message is SPAM and because it has
> "chosen" @abc.co.za as the email domain it deletes the message as the
> configured spam action for @abc.co.za is to delete.
> 5) However the rule for xyz.co.za is to store/quarantine spam. This does
> not happen because of the actions above and data is also never logged via
> MailWatch.
> 6) The example above is based on a very simple scenario, and as you are
> aware this applies to many more complex rulesets (size, File Type etc)
> across the system.
>
> Problem 2
> 1) abc.co.za and xyz.co.za are both provisioned on our platform.
> 2) A third party emails both user at abc.co.za and user at xyz.co.za in a
> single email message.
> 3) MailScanner accepts the message for processing but "chooses"
> user at abc.co.za and abc.co.za as the Message's "to_address" and
> "to_domain".
> 4) When the message is processed, the MailWatch.pm script receives a
> message object for SQL logging with data only for user at abc.co.za and
> abc.co.za; xyz.co.za is never logged.
>
> Finally we have considered splitting incoming messages by recipient at an
> MTA level to address this problem, but our calculations show that it would
> require 3.5x more hardware to process this increased mail load. So for us a
> MailScanner solution is ideal.
>
> Based on the above, could you tell me if there is anything that can be
> done from a MailScanner community point of view to help develop MailScanner
> functionality to address these issues?
> We'd be very happy to give a nice donation for a fix or patch.
>
> Also if the community has any ideas on other ways we can remedy this
> problem we welcome your feedback.
>
> Thanks and regards,
>
> Sam Gelbart
> SYNAQ
>
>
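
A small Python model of Problems 1 and 2 from the quoted message, added here as an illustration; it is not MailScanner or MailWatch code. The action table, the addresses, the rule that the first recipient is the one "chosen", and the grouping of recipients by shared action are assumptions of this example.

```python
from collections import defaultdict

# Constructed per-domain spam actions, following Problem 1 steps 4-5 of the
# thread: abc.co.za deletes spam, xyz.co.za stores/quarantines it.
SPAM_ACTIONS = {"abc.co.za": "delete", "xyz.co.za": "store"}
DEFAULT_ACTION = "deliver"  # assumption: domains without a rule get delivery

# Constructed envelope recipients of one spam message.
RCPTS = ["user@abc.co.za", "user@xyz.co.za", "other@abc.co.za"]


def action_for(address):
    """Spam action configured for the recipient's domain."""
    domain = address.rsplit("@", 1)[1].lower()
    return SPAM_ACTIONS.get(domain, DEFAULT_ACTION)


def single_choice(recipients):
    """Reported behaviour: one recipient is 'chosen' (assumed here to be the
    first) and its ruleset decides the action and the only log row."""
    chosen = recipients[0]
    return {"action": action_for(chosen), "logged": [chosen]}


def per_policy_groups(recipients):
    """Evaluate every recipient's ruleset and group recipients that share an
    action, so the message is handled once per distinct policy."""
    groups = defaultdict(list)
    for rcpt in recipients:
        groups[action_for(rcpt)].append(rcpt)
    return dict(groups)


def unserved(recipients):
    """Recipients who got the wrong action (Problem 1) and recipients who
    never reach the log (Problem 2) under single_choice."""
    result = single_choice(recipients)
    wrong_action = [r for r in recipients if action_for(r) != result["action"]]
    not_logged = [r for r in recipients if r not in result["logged"]]
    return wrong_action, not_logged


if __name__ == "__main__":
    print("single choice :", single_choice(RCPTS))
    print("per policy    :", per_policy_groups(RCPTS))
    print("unserved      :", unserved(RCPTS))
```

In this model the message is processed twice (once per distinct action) rather than once per recipient, which is the difference between per-policy grouping and a full per-recipient split.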