<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
That was going to be my suggestion also. Are there any other emails
besides the student mail list that would originate from that IP? You
might need a compound rule (using the "and" component) to define the
rule a little better if you use IP based lines in the configuration
file.<br>
<br>
steve<br>
<div class="moz-cite-prefix">On 5/23/2013 5:20 AM, Martin Hepworth
wrote:<br>
</div>
<blockquote
cite="mid:CAGDKorKFhXFe7fw-Z8PS3zReYuc0s_Fcj7PPDxz9UMsWa0PKNA@mail.gmail.com"
type="cite">
<div dir="ltr">I'd suggest the scan.messages.rules be amended to
cope with the ip-address of the MailMan server. otherwise anyone
faking the from address is going to sail straight passed your
email scanning.<br>
</div>
<div class="gmail_extra">
<br clear="all">
<div>-- <br>
Martin Hepworth, CISSP<br>
Oxford, UK</div>
<br>
<br>
<div class="gmail_quote">On 22 May 2013 22:42, Robert Lopez <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:rlopezcnm@gmail.com" target="_blank">rlopezcnm@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On Wed, May 22, 2013 at 12:28 PM, Steve
Campbell <<a moz-do-not-send="true"
href="mailto:campbell@cnpapers.com">campbell@cnpapers.com</a>>
wrote:<br>
> Perhaps you should send us the "Scan Messages" line
from your<br>
> MailScanner.conf file and what you have in your file
that is pointed to<br>
> in by line above.<br>
><br>
> Have you restarted or reloaded MS since you changed
the file?<br>
><br>
> Depending on what you have in that line and file, you
probably shouldn't<br>
> be seeing those lines in your mail log.<br>
><br>
> steve campbell<br>
<br>
</div>
<div class="im">The situation I am trying to understand is
email being scanned by<br>
SpamAssassin when I thought<br>
</div>
I had all the systems configured to not scan the email at
all.<br>
<br>
Email generated by an office where the persons use Outlook
to compose<br>
email goes to an Exchange server and it is then relayed to
an email<br>
gateway. These email are from <a moz-do-not-send="true"
href="mailto:CNM_Official_Info@cnm.edu">CNM_Official_Info@cnm.edu</a>
to<br>
<a moz-do-not-send="true" href="mailto:students@cnm.edu">students@cnm.edu</a>.
The email gateway relays the email to a Mailman ($<br>
postmap -q students /etc/postfix/virtualaliases ->
students@listserv)<br>
server.<br>
<br>
Mailman then sends the message to all the students who are
members of<br>
the students list. So each student has a copy generated
that is from<br>
<a moz-do-not-send="true"
href="mailto:students-bounces@cnm.edu">students-bounces@cnm.edu</a>
to <individual-student>@<a moz-do-not-send="true"
href="http://cnm.edu" target="_blank">cnm.edu</a> which is
sent<br>
back to the email gateways.<br>
<br>
A Postfix rewrite via a virtualaliases map sends each email
from<br>
<a moz-do-not-send="true"
href="mailto:students-bounces@cnm.edu">students-bounces@cnm.edu</a>
to <individual-student>@...<a moz-do-not-send="true"
href="http://gmail.com" target="_blank">gmail.com</a>.<br>
<br>
MailScanner.conf and conf.d/CNM-MailScanner.conf (newest
gateway)<br>
all have "Scan Messages = %rules-dir%/scan.messages.rules".<br>
I had put both 'From' in scan.messages.rules:<br>
<br>
From: <a moz-do-not-send="true"
href="mailto:students-bounces@cnm.edu">students-bounces@cnm.edu</a>
no<br>
From: <a moz-do-not-send="true"
href="mailto:cnm_official_info@cnm.edu">cnm_official_info@cnm.edu</a>
no #This is not a case match to original<br>
<br>
This directive and data file have been working for years.<br>
However yesterday I noticed the email in this case (students
list)<br>
do get a SpamAssassin score and my thinking is this should
not be happening.<br>
<br>
Each email has a line such as this example:<br>
<div class="im"><br>
May 20 12:55:08 mg04 MailScanner[11127]: Message
55370642025.7712B<br>
from 198.133.182.29 () to <a moz-do-not-send="true"
href="http://cnm.edu" target="_blank">cnm.edu</a> is not
spam, SpamAssassin (not<br>
cached, score=-1.699, required 6, autolearn=disabled,
CNM_EXCUSE 0.30,<br>
CNM_FROM -1.00, CNM_ITS -1.00, HTML_MESSAGE 0.00)<br>
<br>
</div>
There has been no recent change to any of these files.
MailScanner is always<br>
restarted or reloaded when ever any configuration file is
modified. In fact,<br>
the scripts to modify any component and copy them to the
gateways do the<br>
force-reload and test ($?) to see the return status.<br>
<div class="HOEnZb">
<div class="h5"><br>
--<br>
Robert Lopez<br>
Unix Systems Administrator<br>
Central New Mexico Community College (CNM)<br>
525 Buena Vista SE<br>
Albuquerque, New Mexico 87106<br>
--<br>
MailScanner mailing list<br>
<a moz-do-not-send="true"
href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>
<a moz-do-not-send="true"
href="http://lists.mailscanner.info/mailman/listinfo/mailscanner"
target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a moz-do-not-send="true"
href="http://wiki.mailscanner.info/posting"
target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the
website!<br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>