2 conditions in the rule and empty Sender

Antony Stone Antony.Stone at mailscanner.open.source.it
Thu Nov 1 11:55:16 UTC 2018 

On Thursday 01 November 2018 at 12:42:50, Nerijus Baliunas wrote:

> I will paste the full message here:

The first thing that strikes me is that the original message does *not* have 
"From: postmaster at example.com" - it is addressed *to* postmaster, but the From 
address is MAILER-DAEMON at mail.example.com

Try putting that into your virus_scanning.rules and see if things get 
delivered as required.

> The following e-mails were found to have: Virus Detected
> 
>     Sender:
> IP Address: 127.0.0.1
>  Recipient: postmaster
>    Subject: Mail delivery failed: returning message to sender
>  MessageID: 58A002A14067.AE6A8
> Quarantine: /var/spool/MailScanner/quarantine/20181101/58A002A14067.AE6A8
>     Report: Clamd:  message was infected:
> winnow.spam.ts.xmailer.2.UNOFFICIAL
> 
> Full headers are:
> 
>  Received: from mail.example.com (mail.example.com [127.0.0.1])
>  	by mail.example.com (Postfix) with SMTP id 58A002A14067
>  	for <postmaster>; Thu,  1 Nov 2018 02:02:01 +0200 (EET)
>  Subject: Mail delivery failed: returning message to sender
>  From: Mail Delivery System <MAILER-DAEMON at mail.example.com>
>  To: postmaster at mail.example.com
>  MIME-Version: 1.0
>  Content-Type: multipart/report; report-type=delivery-status;
>  	boundary="foo-mani-padme-hum-32284-1-1541030521"
>  Message-Id: <20181101000201.58A002A14067 at mail.example.com>
>  Date: Thu,  1 Nov 2018 02:02:01 +0200 (EET)
> 
> On Thu, 1 Nov 2018 13:38:16 +0200 Nerijus Baliunas wrote:
> > Hello,
> > 
> > I have Virus Scanning = %rules-dir%/virus_scanning.rules
> > and in virus_scanning.rules:
> > From:   127.0.0.1 and From: postmaster at example.com       no
> > 
> > Today I got an email:
> > 
> > The following e-mails were found to have: Virus Detected
> > 
> >     Sender:
> > IP Address: 127.0.0.1
> > 
> >  Recipient: postmaster
> >  
> >    Subject: Mail delivery failed: returning message to sender
> >  
> >  MessageID: 58A002A14067.AE6A8
> > 
> > Quarantine: /var/spool/MailScanner/quarantine/20181101/58A002A14067.AE6A8
> > 
> >     Report: Clamd:  message was infected:
> >     winnow.spam.ts.xmailer.2.UNOFFICIAL
> > 
> > How to allow such messages to be received? There is no Sender
> > (Return-path:), how to adapt "From:   127.0.0.1 and From:
> > postmaster at example.com       no" to also work with no From?

Regards


Antony.

-- 
The Magic Words are Squeamish Ossifrage.

                                                   Please reply to the list;
                                                         please *don't* CC me.

More information about the MailScanner mailing list