2 conditions in the rule and empty Sender

Shawn Iverson iversons at rushville.k12.in.us
Thu Nov 1 13:55:16 UTC 2018


My bad, I misunderstood.  Trying to get it to postmaster without rescanning
with a null sender....I typically whitelist 127.0.0.1 instead of trying to
whitelist the From: field.

On Thu, Nov 1, 2018 at 9:52 AM Antony Stone <
Antony.Stone at mailscanner.open.source.it> wrote:

> On Thursday 01 November 2018 at 14:46:53, Shawn Iverson via MailScanner
> wrote:
>
> > Notifications from mailer daemons are sent with a null return path
> > address.  You should not send a notification back in this scenario.
>
> Is the OP trying to do that?  I thought not.
>
> I thought the objective was to ensure that the notifications with the attached
> viruses were not re-scanned, but delivered to postmaster as-is.
>
>
> Antony.
>
> > This is a common spam vector as well, because spammers will hope you will
> > let the "notification" through since it does have a null return path.
> >
> > This is by design and avoids creating a mail loop, see RFC 1123, section
> > 5.3.3.
> >
> >
> >
> > On Thu, Nov 1, 2018 at 9:40 AM Nerijus Baliunas wrote:
> > > I added the rule:
> > > > From:   127.0.0.1 and From: MAILER-DAEMON@mail.example.com       no
> > >
> > > It did not help.
> > >
> > > On Thu, 1 Nov 2018 12:55:16 +0100 Antony Stone wrote:
> > > > On Thursday 01 November 2018 at 12:42:50, Nerijus Baliunas wrote:
> > > > > I will paste the full message here:
> > > > > The first thing that strikes me is that the original message does not
> > > > > have "From: postmaster@example.com" - it is addressed to postmaster,
> > > > > but the From address is MAILER-DAEMON@mail.example.com
> > > >
> > > > Try putting that into your virus_scanning.rules and see if things get
> > > > delivered as required.
> > > >
> > > > > The following e-mails were found to have: Virus Detected
> > > > >
> > > > >     Sender:
> > > > > IP Address: 127.0.0.1
> > > > >
> > > > >  Recipient: postmaster
> > > > >
> > > > >    Subject: Mail delivery failed: returning message to sender
> > > > >
> > > > >  MessageID: 58A002A14067.AE6A8
> > > > >
> > > > > > Quarantine: /var/spool/MailScanner/quarantine/20181101/58A002A14067.AE6A8
> > > > > >
> > > > >     Report: Clamd:  message was infected:
> > > > > winnow.spam.ts.xmailer.2.UNOFFICIAL
> > > > >
> > > > > Full headers are:
> > > > >  Received: from mail.example.com (mail.example.com [127.0.0.1])
> > > > >
> > > > >     by mail.example.com (Postfix) with SMTP id 58A002A14067
> > > > >     for <postmaster>; Thu,  1 Nov 2018 02:02:01 +0200 (EET)
> > > > >
> > > > >  Subject: Mail delivery failed: returning message to sender
> > > > > >  From: Mail Delivery System <MAILER-DAEMON@mail.example.com>
> > > > > >  To: postmaster@mail.example.com
> > > > >  MIME-Version: 1.0
> > > > >  Content-Type: multipart/report; report-type=delivery-status;
> > > > >
> > > > >     boundary="foo-mani-padme-hum-32284-1-1541030521"
> > > > >
> > > > > >  Message-Id: <20181101000201.58A002A14067@mail.example.com>
> > > > >  Date: Thu,  1 Nov 2018 02:02:01 +0200 (EET)
> > > > >
> > > > > On Thu, 1 Nov 2018 13:38:16 +0200 Nerijus Baliunas wrote:
> > > > > > Hello,
> > > > > >
> > > > > > I have Virus Scanning = %rules-dir%/virus_scanning.rules
> > > > > > and in virus_scanning.rules:
> > > > > > > From:   127.0.0.1 and From: postmaster@example.com       no
> > > > > >
> > > > > > Today I got an email:
> > > > > >
> > > > > > The following e-mails were found to have: Virus Detected
> > > > > >
> > > > > >     Sender:
> > > > > > IP Address: 127.0.0.1
> > > > > >
> > > > > >  Recipient: postmaster
> > > > > >
> > > > > >    Subject: Mail delivery failed: returning message to sender
> > > > > >
> > > > > >  MessageID: 58A002A14067.AE6A8
> > > > > >
> > > > > > > Quarantine: /var/spool/MailScanner/quarantine/20181101/58A002A14067.AE6A8
> > > > > > >
> > > > > >     Report: Clamd:  message was infected:
> > > > > >     winnow.spam.ts.xmailer.2.UNOFFICIAL
> > > > > >
> > > > > > How to allow such messages to be received? There is no Sender
> > > > > > > (Return-path:), how to adapt "From:   127.0.0.1 and From:
> > > > > > > postmaster@example.com       no" to also work with no From?
>
> --
> Perfection in design is achieved not when there is nothing left to add, but
> rather when there is nothing left to take away.
>
>  - Antoine de Saint-Exupery
>
>                                                    Please reply to the list;
>                                                          please *don't* CC me.

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
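
An added example, not part of the thread and not MailScanner's own rule matching: it separates the envelope sender (empty for a bounce) from the From: header, and only exempts a message from rescanning when the null sender, a loopback client IP and the delivery-status report type all hold. The function names are hypothetical and the sample message is constructed from the headers quoted above.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, modelled on the headers quoted in the thread.
SAMPLE_DSN = """\
Subject: Mail delivery failed: returning message to sender
From: Mail Delivery System <MAILER-DAEMON@mail.example.com>
To: postmaster@mail.example.com
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
    boundary="b1"

--b1
Content-Type: text/plain

Delivery failed.
--b1--
"""

def is_null_sender(envelope_from):
    """True for the null reverse-path '<>' (also seen as an empty string)."""
    return envelope_from.strip() in ("", "<>")

def header_from(raw_message):
    """Address in the From: header, which the sending side fully controls."""
    return parseaddr(message_from_string(raw_message)["From"])[1]

def is_local_dsn(envelope_from, client_ip, raw_message):
    """Narrow exemption: null envelope sender AND loopback client AND DSN type.

    client_ip is the address the MTA saw on the connection, not a value
    read back out of a Received: header.
    """
    msg = message_from_string(raw_message)
    is_report = (msg.get_content_type() == "multipart/report"
                 and msg.get_param("report-type") == "delivery-status")
    loopback = ipaddress.ip_address(client_ip).is_loopback
    return is_null_sender(envelope_from) and loopback and is_report

if __name__ == "__main__":
    print("header From :", header_from(SAMPLE_DSN))
    print("local bounce:", is_local_dsn("<>", "127.0.0.1", SAMPLE_DSN))
    # Same headers arriving from a remote host: a forged "notification".
    print("remote copy :", is_local_dsn("<>", "203.0.113.9", SAMPLE_DSN))
```
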