On Mar 27, 2015, at 1:33 PM, Axb <axb.li...@gmail.com> wrote:

> Are you using Mailscanner? if yes then it's you munging URIS so they breaking
> lookups on any hash type as in

Yes, I am using MailScanner. Some URIs are munged, others are not. For example, you can see in that very pastebin you noted that there are a number of perfectly good URIs. MailScanner will munge the embedded image web bugs and the embedded JavaScript, but will not munge "regular" href links or "regular" img links. In that sample, the only MailScanner munging is on JavaScript.

But, you're saying MailScanner is changing the message and therefore changing the hash overall... yes?

Would you recommend not running MailScanner? If so, what would you recommend for virus scanning? Or, would you recommend turning off munging for embedded JS and web bugs? (But, keeping the virus scanning?) Of course, removing munging opens other vulnerabilities...

Note that my spam setup is as follows:

sendmail -> MailScanner (system-wide, root-owned) -> spamc/spamd (per-user, via procmail)

Unfortunately due to the nature of the virtual-host setup on this machine I _cannot_ have MailScanner be the SA glue, nor can I easily switch to SA milters like spamass-milter or amavisd or whatever. Right now, this setup is unfortunately not changeable.

> And if you're indeed using MailScanner are you sending it the full message or
> some chunk only?
> (can't remember the settings's names)

I am passing in the entire message.

Thanks.

--- Amir