2 conditions in the rule and empty Sender

Nerijus Baliunas nerijus at users.sourceforge.net
Thu Nov 1 13:39:14 UTC 2018 

I added the rule:
From:   127.0.0.1 and From: MAILER-DAEMON at mail.example.com       no

It did not help.

On Thu, 1 Nov 2018 12:55:16 +0100 Antony Stone <Antony.Stone at mailscanner.open.source.it> wrote:

> On Thursday 01 November 2018 at 12:42:50, Nerijus Baliunas wrote:
> 
> > I will paste the full message here:
> 
> The first thing that strikes me is that the original message does not have 
> "From: postmaster at example.com" - it is addressed to postmaster, but the From 
> address is MAILER-DAEMON at mail.example.com
> 
> Try putting that into your virus_scanning.rules and see if things get 
> delivered as required.
> 
> > The following e-mails were found to have: Virus Detected
> > 
> >     Sender:
> > IP Address: 127.0.0.1
> >  Recipient: postmaster
> >    Subject: Mail delivery failed: returning message to sender
> >  MessageID: 58A002A14067.AE6A8
> > Quarantine: /var/spool/MailScanner/quarantine/20181101/58A002A14067.AE6A8
> >     Report: Clamd:  message was infected:
> > winnow.spam.ts.xmailer.2.UNOFFICIAL
> > 
> > Full headers are:
> > 
> >  Received: from mail.example.com (mail.example.com [127.0.0.1])
> >  	by mail.example.com (Postfix) with SMTP id 58A002A14067
> >  	for <postmaster>; Thu,  1 Nov 2018 02:02:01 +0200 (EET)
> >  Subject: Mail delivery failed: returning message to sender
> >  From: Mail Delivery System <MAILER-DAEMON at mail.example.com>
> >  To: postmaster at mail.example.com
> >  MIME-Version: 1.0
> >  Content-Type: multipart/report; report-type=delivery-status;
> >  	boundary="foo-mani-padme-hum-32284-1-1541030521"
> >  Message-Id: <20181101000201.58A002A14067 at mail.example.com>
> >  Date: Thu,  1 Nov 2018 02:02:01 +0200 (EET)
> > 
> > On Thu, 1 Nov 2018 13:38:16 +0200 Nerijus Baliunas wrote:
> > > Hello,
> > > 
> > > I have Virus Scanning = %rules-dir%/virus_scanning.rules
> > > and in virus_scanning.rules:
> > > From:   127.0.0.1 and From: postmaster at example.com       no
> > > 
> > > Today I got an email:
> > > 
> > > The following e-mails were found to have: Virus Detected
> > > 
> > >     Sender:
> > > IP Address: 127.0.0.1
> > > 
> > >  Recipient: postmaster
> > >  
> > >    Subject: Mail delivery failed: returning message to sender
> > >  
> > >  MessageID: 58A002A14067.AE6A8
> > > 
> > > Quarantine: /var/spool/MailScanner/quarantine/20181101/58A002A14067.AE6A8
> > > 
> > >     Report: Clamd:  message was infected:
> > >     winnow.spam.ts.xmailer.2.UNOFFICIAL
> > > 
> > > How to allow such messages to be received? There is no Sender
> > > (Return-path:), how to adapt "From:   127.0.0.1 and From:
> > > postmaster at example.com       no" to also work with no From?
> 
> Regards
> 
> 
> Antony.

More information about the MailScanner mailing list