Scanning messages twice

jamster · Unread post by **jamster** » Wed Jun 01, 2005 5:43 am

Hi,

Since installing the ART qmail-scanner install, I've noticed that mails that arrive at our server and are then forwarded on are getting scanned twice. The problem seems to be that it is scanned before it is delivered - then when it is delivered it is redirected back to the smtp server for outgoing transit and it gets scanned again.

I'm not bothered about scanning outgoing email, is there a way to set it to scan mails for local domains only. Alternatively, is there a way to set it to not scan mails from 127.0.0.1. I've searched the web but most answers seem to involve tcpserver, which the ART version doesn't seem to use. Any ideas?

Thanks again,
Chris.

Example header - mail from my (externally hosted webmail - to my forwarder on the plesk server - and back to my externally hosted webmail): (note... server names etc munged for privacy)

Code: Select all

(clamdscan: 0.85.1/905. spamassassin: 3.0.3. perlscan: 1.25st.  
Clear:RC:1(127.0.0.1):SA:0(0.1/5.0):.
Processed in 3.174827 secs); 01 Jun 2005 09:35:54 -0000
X-Remote-Spam-Status: No, hits=0.1 required=5.0
Delivered-To: 20-chris.james@ourdomain.co.na
Received: (qmail 30734 invoked by uid 2520); 1 Jun 2005 09:35:51 -0000
Received: from 66.111.4.27 by tao.our.server.co.na (envelope-from <chris.james@ourdomain.co.na>, uid 2020) with qmail-scanner-1.25st
(clamdscan: 0.85.1/905. spamassassin: 3.0.3. perlscan: 1.25st.  
Clear:RC:0(66.111.4.27):SA:0(0.1/5.0):.
Processed in 14.523467 secs); 01 Jun 2005 09:35:51 -0000
X-Qmail-Scanner-MOVED-X-Spam-Status: No, hits=0.1 required=5.0
Received: from out3.smtp.messagingengine.com (66.111.4.27)
  by tao.our.server.co.na with SMTP; 1 Jun 2005 09:35:36 -0000
Received: from web2.messagingengine.com (web2.internal [10.202.2.211])
        by frontend1.messagingengine.com (Postfix) with ESMTP id 6E47FC94FF5
        for <chris.james@ourdomain.co.na>; Wed,  1 Jun 2005 05:35:06 -0400 (EDT)
Received: by web2.messagingengine.com (Postfix, from userid 99)
        id C1551746; Wed,  1 Jun 2005 05:35:03 -0400 (EDT)
Message-Id: <1117618503.30952.235383986@webmail.messagingengine.com>
X-Sasl-Enc: D9Hdo8MEPOL8TRHW4CC6o1r7+M7vjnHgYpeQjc3sdaZr 1117618503
From: "Chris James" <chris.james@ourdomain.co.na>
To: chris.james@ourdomain.co.na
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="ISO-8859-1"
MIME-Version: 1.0
X-Mailer: MIME::Lite 1.5  (F2.73; T1.001; A1.64; B3.05; Q3.03)
Subject: trest
Date: Wed, 01 Jun 2005 10:35:03 +0100

jamster · Unread post by **jamster** » Wed Jun 01, 2005 7:51 am

Well, i've added the following line to hosts.allow:

tcp-env: 127.0.0.1: setenv QMAILQUEUE "/var/qmail/bin/qmail-queue"

Which I think is the tcp_wrappers equivalent of the tcpserver rules from the qmail-scanner homepage: (http://qmail-scanner.sourceforge.net/), yet it still doesn't work.

Any ideas scott or others would be really appreciated; on some mailling lists my messages are being scanned three times (in, from spamassasin and out). I want to implement the following rules:

* if remote server = 127.0.0.1 - don't scan
* if remote server = servers IP - don't scan
* otherwise scan

I think this should mean my messages should only then be scanned once, is this right?

Thanks for all the help,
Chris.

Unread post by **scott** » Wed Jun 01, 2005 10:22 am

The only way I know of to do it is with tcpserver (which is what I use in project gamera). Another hack would be to set up q-s not to scan messages to specific domains or email addresses at all.

jamster · Unread post by **jamster** » Wed Jun 01, 2005 10:27 am

thanks scott, the thing about the tcpserver thing is that it's just setting the environment variable QMAILQUEUE in the same way... i wonder why it doesn't work when you use tcp_wrappers. wierd!

if anyone else has any ideas?