<div dir="ltr">I'd suggest the scan.messages.rules be amended to cope with the ip-address of the MailMan server. otherwise anyone faking the from address is going to sail straight passed your email scanning.<br></div><div class="gmail_extra">
<br clear="all"><div>-- <br>Martin Hepworth, CISSP<br>Oxford, UK</div>
<br><br><div class="gmail_quote">On 22 May 2013 22:42, Robert Lopez <span dir="ltr"><<a href="mailto:rlopezcnm@gmail.com" target="_blank">rlopezcnm@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On Wed, May 22, 2013 at 12:28 PM, Steve Campbell <<a href="mailto:campbell@cnpapers.com">campbell@cnpapers.com</a>> wrote:<br>
> Perhaps you should send us the "Scan Messages" line from your<br>
> MailScanner.conf file and what you have in your file that is pointed to<br>
> in by line above.<br>
><br>
> Have you restarted or reloaded MS since you changed the file?<br>
><br>
> Depending on what you have in that line and file, you probably shouldn't<br>
> be seeing those lines in your mail log.<br>
><br>
> steve campbell<br>
<br>
</div><div class="im">The situation I am trying to understand is email being scanned by<br>
SpamAssassin when I thought<br>
</div>I had all the systems configured to not scan the email at all.<br>
<br>
Email generated by an office where the persons use Outlook to compose<br>
email goes to an Exchange server and it is then relayed to an email<br>
gateway. These email are from <a href="mailto:CNM_Official_Info@cnm.edu">CNM_Official_Info@cnm.edu</a> to<br>
<a href="mailto:students@cnm.edu">students@cnm.edu</a>. The email gateway relays the email to a Mailman ($<br>
postmap -q students /etc/postfix/virtualaliases -> students@listserv)<br>
server.<br>
<br>
Mailman then sends the message to all the students who are members of<br>
the students list. So each student has a copy generated that is from<br>
<a href="mailto:students-bounces@cnm.edu">students-bounces@cnm.edu</a> to <individual-student>@<a href="http://cnm.edu" target="_blank">cnm.edu</a> which is sent<br>
back to the email gateways.<br>
<br>
A Postfix rewrite via a virtualaliases map sends each email from<br>
<a href="mailto:students-bounces@cnm.edu">students-bounces@cnm.edu</a> to <individual-student>@...<a href="http://gmail.com" target="_blank">gmail.com</a>.<br>
<br>
MailScanner.conf and conf.d/CNM-MailScanner.conf (newest gateway)<br>
all have "Scan Messages = %rules-dir%/scan.messages.rules".<br>
I had put both 'From' in scan.messages.rules:<br>
<br>
From: <a href="mailto:students-bounces@cnm.edu">students-bounces@cnm.edu</a> no<br>
From: <a href="mailto:cnm_official_info@cnm.edu">cnm_official_info@cnm.edu</a> no #This is not a case match to original<br>
<br>
This directive and data file have been working for years.<br>
However yesterday I noticed the email in this case (students list)<br>
do get a SpamAssassin score and my thinking is this should not be happening.<br>
<br>
Each email has a line such as this example:<br>
<div class="im"><br>
May 20 12:55:08 mg04 MailScanner[11127]: Message 55370642025.7712B<br>
from 198.133.182.29 () to <a href="http://cnm.edu" target="_blank">cnm.edu</a> is not spam, SpamAssassin (not<br>
cached, score=-1.699, required 6, autolearn=disabled, CNM_EXCUSE 0.30,<br>
CNM_FROM -1.00, CNM_ITS -1.00, HTML_MESSAGE 0.00)<br>
<br>
</div>There has been no recent change to any of these files. MailScanner is always<br>
restarted or reloaded when ever any configuration file is modified. In fact,<br>
the scripts to modify any component and copy them to the gateways do the<br>
force-reload and test ($?) to see the return status.<br>
<div class="HOEnZb"><div class="h5"><br>
--<br>
Robert Lopez<br>
Unix Systems Administrator<br>
Central New Mexico Community College (CNM)<br>
525 Buena Vista SE<br>
Albuquerque, New Mexico 87106<br>
--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<br>
</div></div></blockquote></div><br></div>