<p>So why don't they just relay your domain? Or am I reading this slightly wrong, so that you actually mean "yes, the recipients being forwarded are in the same domain (Swiss owned) as other non-forwarded recipients, and are aliased to our local domain, rather than being a straightforward relay"?<br>
If that is the case, you'd need to do some hacking in MailWatch.pm to "solve" this, as well as look at the Received: futzing in both SA and MS. Or make the forward->relay...:-)</p>
<p>Cheers<br>
-- <br>
-- Glenn</p>
<div class="gmail_quote">Den 23 okt 2012 19:36 skrev "Dave Gattis" <<a href="mailto:mailscanner@romehosting.com">mailscanner@romehosting.com</a>>:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Forwarder (exchange) is in Switzerland. Destination (postfix) is in USA.<br>
Non-related domains.<br>
--<br>
Dave Gattis<br>
<br>
<br>
> hmm looks like exch doing a crap job of forwarding the emails, either that<br>
> or it's poorly set up. My exch just forwards the emails to my local exch<br>
> server without all this extra cruft in the logs.<br>
><br>
> Are these two sites part of the same AD domain or do they run some sort of<br>
> split design?<br>
><br>
> --<br>
> Martin Hepworth, CISSP<br>
> Oxford, UK<br>
><br>
><br>
> On 23 October 2012 14:08, Dave Gattis <<a href="mailto:mailscanner@romehosting.com">mailscanner@romehosting.com</a>> wrote:<br>
><br>
>> According to mailwatch, here's all the listed headers:<br>
>><br>
>> Received: from <a href="http://mail1.domain1.com" target="_blank">mail1.domain1.com</a> (<a href="http://mail1.domain1.com" target="_blank">mail1.domain1.com</a> [XX.XXX.XXX.XX])<br>
>> by <a href="http://domain1.com" target="_blank">domain1.com</a> (Postfix) with ESMTP id D30D01C100FB<br>
>> for <<a href="mailto:dave.gattis@domain2.com">dave.gattis@domain2.com</a>>; Tue, 23 Oct 2012 08:48:31 -0400<br>
>> (EDT)<br>
>> Received: from <a href="http://mail2.domain1.com" target="_blank">mail2.domain1.com</a> ([ffff::aaaa:8888:bbbb:7777]) by<br>
>> <a href="http://mail2.domain2.com" target="_blank">mail2.domain2.com</a> ([ffff::aaaa:8888:bbbb:7777]) with Microsoft SMTP<br>
>> Server id<br>
>> 14.01.0355.002; Tue, 23 Oct 2012 14:48:25 +0200<br>
>> From: Dave Gattis <<a href="mailto:dave.gattis@hotmail.com">dave.gattis@hotmail.com</a>> <-- MailScanner/MailWatch<br>
>> ignores this line<br>
>> To: Dave Gattis <<a href="mailto:dave.gattis@domain1.com">dave.gattis@domain1.com</a>><br>
>> Subject: test for mailscanner group<br>
>> Date: Tue, 23 Oct 2012 12:48:40 +0000<br>
>> Message-ID: <<a href="mailto:b4339c5b9c53472eae950d4ff046d840@mail2.domain1.com">b4339c5b9c53472eae950d4ff046d840@mail2.domain1.com</a>><br>
>> Resent-From: <<a href="mailto:dave.gattis@domain1.com">dave.gattis@domain1.com</a>> <-- MailScanner/MailWatch<br>
>> considers this line to be the sender<br>
>> Content-Type: multipart/alternative;<br>
>> boundary="_000_b4339c5b9c53472eae950d4ff046d840mail2domain1com_"<br>
>> MIME-Version: 1.0<br>
>><br>
>> MailWatch's recent messages tab displays the message like this, only in<br>
>> column format:<br>
>><br>
>><br>
>> Date/Time:<br>
>> 23/10/12<br>
>> 08:48:33<br>
>><br>
>> From:<br>
>> <a href="mailto:dave.gattis@domain1.com">dave.gattis@domain1.com</a> (needs to be <a href="mailto:dave.gattis@hotmail.com">dave.gattis@hotmail.com</a>)<br>
>><br>
>> To:<br>
>> <a href="mailto:dave.gattis@sdomain2.com">dave.gattis@sdomain2.com</a><br>
>><br>
>> Subject:<br>
>> test for mailscanner group<br>
>><br>
>> Size<br>
>> 2.2Kb<br>
>><br>
>> SA Score<br>
>> -1.02<br>
>><br>
>> Status<br>
>> Clean<br>
>><br>
>><br>
>> --<br>
>> Dave Gattis<br>
>><br>
>><br>
>> > Mailwatch uses the "envelope-from" to display in the list.<br>
>> ><br>
>> > On 23 October 2012 12:58, Dave Gattis <<a href="mailto:mailscanner@romehosting.com">mailscanner@romehosting.com</a>><br>
>> wrote:<br>
>> ><br>
>> >> Let me see if I can explain this properly:<br>
>> >><br>
>> >> <a href="mailto:a@hotmail.com">a@hotmail.com</a> sends to <a href="mailto:b@mydomain1.com">b@mydomain1.com</a>.<br>
>> >><br>
>> >> a rule exists at <a href="http://mydomain1.com" target="_blank">mydomain1.com</a> to redirect to <a href="mailto:c@mydomain2.com">c@mydomain2.com</a>,<br>
>> therefore<br>
>> >><br>
>> >> <a href="mailto:a@hotmail.com">a@hotmail.com</a> arrives safely <a href="mailto:c@mydomain2.com">c@mydomain2.com</a>.<br>
>> >><br>
>> >> When opening the email, it looks like this:<br>
>> >><br>
>> >> From: <a href="mailto:a@hotmail.com">a@hotmail.com</a><br>
>> >> To: <a href="mailto:b@mydomain1.com">b@mydomain1.com</a><br>
>> >><br>
>> >> This is exactly what I want and works perfectly in any mail client.<br>
>> >><br>
>> >> Unfortunately, when you look at the list of messages MailScanner has<br>
>> >> processed (using the MailWatch frontend), every message, no matter<br>
>> who<br>
>> >> from looks like this:<br>
>> >><br>
>> >> From: <a href="mailto:b@mydomain1.com">b@mydomain1.com</a><br>
>> >> To: <a href="mailto:c@mydomain2.com">c@mydomain2.com</a><br>
>> >><br>
>> >> This renders white/blacklisting useless, and subject lines are the<br>
>> only<br>
>> >> clues available for releasing SPAM. When looking at the raw headers,<br>
>> >> the<br>
>> >> redirect is adding a "Resent-From" header which I believe is<br>
>> overriding<br>
>> >> the "From" header.<br>
>> >><br>
>> >> No matter what is received, MailScanner is basing some of its<br>
>> decisions<br>
>> >> on the "Resent-From" address which lowers the score for all messages.<br>
>> >><br>
>> >> This is what happens when corporations make poor decisions.<br>
>> >> Unfortunately, I am forced to find a workaround for it.<br>
>> >><br>
>> >> Thanks,<br>
>> >> --<br>
>> >> Dave Gattis<br>
>> >><br>
>> >><br>
>> >> > Le 22/10/2012 15:26, Dave Gattis a écrit :<br>
>> >> >> Each message is stamped with "Resent-From" and "Return-Path" of<br>
>> the<br>
>> >> >> redirecting address. I can strip those headers out, after<br>
>> >> MailScanner,<br>
>> >> >> but really need them removed before.<br>
>> >> ><br>
>> >> > Why do you really need them removed? If it's just for spamassassin,<br>
>> >> you<br>
>> >> > can use bayes_ignore_header in your <a href="http://local.cf" target="_blank">local.cf</a> file.<br>
>> >> ><br>
>> >> > John.<br>
>> >> ><br>
>> >> > --<br>
>> >> > -- Over 5000 webcams from ski resorts around the world -<br>
>> >> <a href="http://www.snoweye.com" target="_blank">www.snoweye.com</a><br>
>> >> > -- Translate your technical documents and web pages -<br>
>> <a href="http://www.tradoc.fr" target="_blank">www.tradoc.fr</a><br>
>> >> > --<br>
>> >> > MailScanner mailing list<br>
>> >> > <a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>
>> >> > <a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
>> >> ><br>
>> >> > Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
>> >> ><br>
>> >> > Support MailScanner development - buy the book off the website!<br>
>> >> ><br>
</blockquote></div>
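<p>An added example (not MailWatch or MailScanner code, and not written by anyone in this thread): the Python below separates the three sender identities the thread discusses, envelope-from, <code>Resent-From</code> and header <code>From</code>, and reports the header <code>From</code> only when the envelope sender belongs to a known redirecting domain. The sample message is constructed from the thread's placeholder addresses; the <code>Return-Path</code> value, the <code>forwarder_domains</code> parameter and the function names are assumptions.</p>

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted in the thread.
# Return-Path is assumed to carry the redirecting address, as the thread describes.
RAW = """\
Return-Path: <dave.gattis@domain1.com>
From: Dave Gattis <dave.gattis@hotmail.com>
To: Dave Gattis <dave.gattis@domain1.com>
Subject: test for mailscanner group
Resent-From: <dave.gattis@domain1.com>

body
"""


def addr(msg, header):
    """Return the lowercased bare address in a header, or '' if absent."""
    return parseaddr(msg.get(header, ""))[1].lower()


def sender_identities(raw):
    """Extract the three addresses that can each be taken for 'the sender'."""
    msg = message_from_string(raw)
    return {
        "envelope_from": addr(msg, "Return-Path"),
        "resent_from": addr(msg, "Resent-From"),
        "header_from": addr(msg, "From"),
    }


def report_sender(raw, forwarder_domains):
    """Return (address_to_display, forwarded_flag) for a message list view.

    forwarder_domains is a hypothetical, operator-maintained set of domains
    known to redirect mail here. Header From is unauthenticated, so it is
    used for display only when the envelope sender is such a forwarder.
    """
    ids = sender_identities(raw)
    env_domain = ids["envelope_from"].rpartition("@")[2]
    forwarded = (
        env_domain in forwarder_domains
        and ids["resent_from"] == ids["envelope_from"]
        and ids["header_from"] not in ("", ids["envelope_from"])
    )
    shown = ids["header_from"] if forwarded else ids["envelope_from"]
    return shown, forwarded
```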