On 03/27/2015 08:45 PM, Amir Caspi wrote:
On Mar 27, 2015, at 1:33 PM, Axb <axb.li...@gmail.com> wrote:
Are you using Mailscanner? if yes then it's you munging URIS so
they breaking lookups on any hash type as in
Yes, I am using MailScanner. Some URIs are munged, others are not.
For example, you can see in that very pastebin you noted that there
are a number of perfectly good URIs. MailScanner will munge the
embedded image web bugs and the embedded JavaScript, but will not
munge "regular" href links or "regular" img links. In that sample,
the only MailScanner munging is on JavaScript.
But, you're saying MailScanner is changing the message and therefore
changing the hash overall... yes?
Would you recommend not running MailScanner? If so, what would you
recommend for virus scanning? Or, would you recommend turning off
munging for embedded JS and web bugs? (But, keeping the virus
scanning?) Of course, removing munging opens other
vulnerabilities...
I used MS for few years - It did the job.
As an AV product I'd recommend Sophos AND ESETS/Nod32.
I'd also suggest you disable msg munging if you want hashers to work.
URI lists may also list URIs to .js and web bugs - you could be missing
on them.
Note that my spam setup is as follows:
sendmail -> MailScanner (system-wide, root-owned) -> spamc/spamd
(per-user, via procmail)
______
Unfortunately due to the nature of the virtual-host setup on this
machine I _cannot_ have MailScanner be the SA glue, nor can I easily
switch to SA milters like spamass-milter or amavisd or whatever.
Right now, this setup is unfortunately not changeable.
Are you an ISP/ASP or is this a corporate box?
What are you really using MailScanner for?
I also wonder if you're doing any rejects at SMTP level.
