MailScanner rules problem

nilton at hgnet.com.br nilton at hgnet.com.br
Fri Mar 16 17:13:42 UTC 2018


Hi,

I've been doing a lot of testing and I've seen that MailScanner 
perfectly recognizes rules written using spaces or <tab>, with or 
without * before @ and even with regular expression.

I have seen that MailScanner does not receive or recognize only the 
rules for local domains with the expression "To:" and so it does not 
follow the rule. I've also seen that even for local domains for the 
expression "From:" the rule is followed.

Looking at the header of a message sent from a user to itself, the To: 
field appears empty, different from the From: field:
Return-Path: <nilton at domain1.com.br>
Delivered-To: nilton at domain1.com.br
X-Spam-Status: No
*X-HGnet-MailScanner-To:
X-HGnet-MailScanner-From:* nilton at domain1.com.br

The question is: Could the Postfix be creating a header with information 
not recognized by MailScanner? Why the MailScanner does not  recognize 
only the local domains in "To:" rule, but recognize "From:" rule. My 
search is currently focused on this issue.


Em 14/3/2018 17:40, Jim Creason escreveu:
>
>
> You don't have a wildcard asterisk before the @ in your rules, adding 
> that would fix it, I believe.
>
>
> On 3/14/2018 3:21 PM, nilton at hgnet.com.br wrote:
>>
>> Hi List
>>
>> This is my first post here, so I'm sorry for my blunders. Sorry also 
>> for my very bad english.
>>
>> I have a new installation of MailScanner with Postfix and Mysql and I 
>> am seeing a serious problem that I have not been able to solve yet 
>> and I need your help:
>>
>> Ubuntu 16.04 + MailScanner 5.0.7-2 + Postfix 3.1.0-3 + MySQL 5.7.21
>>
>> Everything works fine except for one detail. All rules related to 
>> domains hosted on this mailserver are ignored by MailScanner.
>>
>> Look this:
>>
>> Local domains:
>> domain1.com.br
>> domain2.com.br
>> domain3.com.br
>>
>> ----------------
>> MailScanner.com
>> Archive Mail = %rules-dir%/archive.rules
>> Spam Actions = %rules-dir%/archive-spam.rules
>> Required SpamAssassin Score = %rules-dir%/score.rules
>> Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
>> -----------------
>>
>> archive.rules
>> FromOrTo:      @domain2.com.br monitor at domain2.com.br
>> FromOrTo:      @domain3.com.br monitor at domain3.com.br
>> FromOrTo:      default monitor at X-Domain1-MailScanner-To:.com.br
>>
>> The rules for domin2.com.br and domain3.com.br are ignored by 
>> Mailscanner and all messages follow default rules.
>> ----------------
>>
>> archive-spam.rules
>> To:     @domain2.com.br     forward spam at domain2.com.br delete header 
>> "X-Spam-Status: Yes"
>> To:     @domain3.com.br     forward spam at domain3.com.br delete header 
>> "X-Spam-Status: Yes"
>> From:   default             forward 
>> spam at X-Domain1-MailScanner-To:.com.br delete header "X-Spam-Status: Yes"
>>
>> In the same way, the rules for domin2.com.br and domain3.com.br are 
>> ignored by Mailscanner and all the messages follow default rules.
>> --------------------
>>
>> score.rules
>> To:       @domain2.com.br                  8.0
>> To:       @domain3.com.br                  9.0
>> To:       default                                      5.0
>>
>> All messages for domain2.com and domain3.com are cached or not based 
>> on default score 5.0.
>> ------------------
>>
>> spam.whitelist.rules
>> From:     @domain1.com.br             yes
>> From:     @domain2.com.br             yes
>> From:     @domain3.com.br             yes
>> From:     @google.com                 yes
>> FromOrTo: default                     no
>>
>> Interestingly the "From:" rules even for local domains are recognized 
>> by MailScanner.
>> Thus, it is possible to conclude that only the rules that contain 
>> "To:" only for local domains do not work.
>> ----------------------
>>
>> Notice the message header below that X-Domain1-MailScanner-To: It is 
>> empty, but X-Domain1-MailScanner-From: is not empty.
>>
>> Return-Path: <usertmp at Domain1.com.br>
>> Delivered-To: usertmp at Domain1.com.br
>> X-Spam-Status: No
>> X-Domain1-MailScanner-To:
>> X-Domain1-MailScanner-From: usertmp at Domain1.com.br
>> X-Domain1-MailScanner-SpamCheck: não spam (está em uma lista branca),
>>     SpamAssassin (escore=0.4, requerido 4, ALL_TRUSTED -1.00,
>>     BR_SAVED_URI 1.50, DKIM_SIGNED 0.10, DKIM_VALID -0.10,
>>     DKIM_VALID_AU -0.10)
>> X-Domain1-MailScanner: Found to be clean
>> X-Domain1-MailScanner-ID: B6EBB14201A.AE9C1
>> X-Domain1-MailScanner-Information: Please contact the ISP for more 
>> information
>> Received: from webmail.Domain1.com.br (localhost [127.0.0.1])
>>     by mx1.Domain1.net.br (Postfix) with ESMTP id B6EBB14201A
>>     for <usertmp at Domain1.com.br>; Wed, 14 Mar 2018 13:18:51 -0300 (-03)
>> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/simple; d=Domain1.com.br;
>>     s=default; t=1521044331; bh=w9NEcM38aPoJUJrmljw+GCJaBSw=;
>>     h=Date:From:To:Subject;
>> b=164tD2Zhn2gvABzES+a+cpd/lZG8QHFaBb8B53JMPXbjbGVgTLIV8oH7dILByLLHV
>>  c4W1EIgZ865H+m5BulZvekDY1gRg6E5dlkXjTp5M6CfNFbEyoV9rJUp4hs3civ/4Fq
>>  hbRBSIxuEmoEEdsjiPrkApczoGOWxL+7PCLOfHKiiBc8MlEnr7dPI8kve8dOMgOKXR
>>  NWz0H4qK6W+XUAIAHWSWryxWMnb6vkSafF/CxSN9W2hhjtFuqt5GhqFhOA+xxnLviQ
>>  FdbyGg4W468XGYPsJppj8wSuVhQ7FzsuKFaM2X44oXcEGQV62HmpRpwfZyk77A4ue8
>>      8TxnOVTxrogdg==
>> MIME-Version: 1.0
>> Content-Type: text/plain; charset=US-ASCII;
>>  format=flowed
>> Content-Transfer-Encoding: 7bit
>> Date: Wed, 14 Mar 2018 13:18:51 -0300
>> From: usertmp at Domain1.com.br
>> To: usertmp at Domain1.com.br
>> -------------------------
>>
>>
>> On the other server where everything works fine.
>> From - Wed Mar 14 13:19:49 2018
>> X-Account-Key: account27
>> X-UIDL: 000001925a9d6bca
>> X-Mozilla-Status: 0001
>> X-Mozilla-Status2: 00000000
>> X-Mozilla-Keys:
>> Return-Path: <nilton at exemplo2.com.br>
>> Delivered-To: nilton at exemplo2.com.br
>> X-Spam-Status: No
>> X-HGnet-MailScanner-To:
>> X-HGnet-MailScanner-From: nilton at exemplo2.com.br
>> X-HGnet-MailScanner-SpamCheck: não spam (está em uma lista branca),
>>     SpamAssassin (escore=0.4, requerido 4, ALL_TRUSTED -1.00,
>>     BR_SAVED_URI 1.50, DKIM_SIGNED 0.10, DKIM_VALID -0.10,
>>     DKIM_VALID_AU -0.10)
>> X-HGnet-MailScanner: Found to be clean
>> X-HGnet-MailScanner-ID: B6EBB14201A.AE9C1
>> X-HGnet-MailScanner-Information: Please contact the ISP for more 
>> information
>> Received: from webmail.exemplo2.com.br (localhost [127.0.0.1])
>>     by mx1.hgnet.net.br (Postfix) with ESMTP id B6EBB14201A
>>     for <nilton at exemplo2.com.br>; Wed, 14 Mar 2018 13:18:51 -0300 (-03)
>> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/simple; d=exemplo2.com.br;
>>     s=default; t=1521044331; bh=w9NEcM38aPoJUJrmljw+GCJaBSw=;
>>     h=Date:From:To:Subject;
>> b=164tD2Zhn2gvABzES+a+cpd/lZG8QHFaBb8B53JMPXbjbGVgTLIV8oH7dILByLLHV
>>  c4W1EIgZ865H+m5BulZvekDY1gRg6E5dlkXjTp5M6CfNFbEyoV9rJUp4hs3civ/4Fq
>>  hbRBSIxuEmoEEdsjiPrkApczoGOWxL+7PCLOfHKiiBc8MlEnr7dPI8kve8dOMgOKXR
>>  NWz0H4qK6W+XUAIAHWSWryxWMnb6vkSafF/CxSN9W2hhjtFuqt5GhqFhOA+xxnLviQ
>>  FdbyGg4W468XGYPsJppj8wSuVhQ7FzsuKFaM2X44oXcEGQV62HmpRpwfZyk77A4ue8
>>      8TxnOVTxrogdg==
>> MIME-Version: 1.0
>> Content-Type: text/plain; charset=US-ASCII;
>>  format=flowed
>> Content-Transfer-Encoding: 7bit
>> Date: Wed, 14 Mar 2018 13:18:51 -0300
>> From: nilton at exemplo2.com.br
>> To: nilton at exemplo2.com.br
>>
>> -----------------
>>
>> MailScanner or Postfix? There is a possibility that the problem is in 
>> the way postfix is constructing the header, but I do not know how to 
>> debug it.
>>
>> Thank you for your help on this.
>>
>> HGnet - A solução em TI.
>> <www.hgnet.com.br>
>> A Solução em TI
>> 	
>> *
>> Nilton Godoi*
>> Fones: +55 11 3582-2746  3582-2756
>> Celular: +55 11  98191-0001
>> www.hgnet.com.br
>>
>>
>>
>> -- 
>> Esta mensagem foi verificada pelo sistema de antiv�rus e
>> acredita-se estar livre de perigo.
>>
>>
>
>
> -- 
> Esta mensagem foi verificada pelo sistema de antiv�rus e
> acredita-se estar livre de perigo. 


-- 
Esta mensagem foi verificada pelo sistema de antivírus e
 acredita-se estar livre de perigo.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20180316/2dddbb89/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hgnet_100.png
Type: image/png
Size: 6777 bytes
Desc: not available
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20180316/2dddbb89/attachment.png>


More information about the MailScanner mailing list