You're correct. I did not test my 'discovery' properly before jumping to this conclusion.
I appreciate the pointer to the IGNORE behavior. I'll endeavor to ignore any virus or spam filtering headers from incoming email. I've still got the mystery of how his email gets in without being scored by Amavis. When I run spamassassin on it, it gets a very high score. Other spam gets filtered just fine. Somehow, this one spammer avoids it. Thank you again, Chris Shaker [EMAIL PROTECTED] Clifton Royston wrote: > On Sat, Feb 16, 2008 at 11:31:05AM -0800, Christopher J Shaker wrote: > >> You may all know about this, but it was new to me. >> >> Found a persistent spammer was sending email to my domain without >> any score information from amavis-new. >> >> After trying several possibilities, I finally realized that he was sending >> the email with a hand crafted 'X-Virus-Scanned' header that was identical >> to what my Amavis-new would have added. >> >> That seems to bypass scanning with Amavis-new! >> > > I am pretty sure amavisd-new does *not* work this way. It has an > implicit list of checks to run on each incoming mail, starting with > virus scanning, and works its way through them. If it's working this > way for you, it may be the result of something funky in your Postfix > configuration which is bypassing the routing through amavisd if it sees > that header. > > How are you selecting the Postfix routing to content filtering? In > main.cf, in master.cf, or otherwise? > > >> I've temporarily added a filter to my postfix header_checks file to reject >> messages coming into my server that already have the X-Virus-Scanned >> header added to them. This is not a good solution, because it also blocks >> my outgoing email. >> > > A much better interim measure would be to strip the incoming headers, > by simply replacing that REJECT with IGNORE in the same header_checks > line. It's not a bad idea anyway to strip spam scan headers which > could be mistaken for your own. > > -- Clifton > > ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
