Page 1 of 1

mailscanner headers

Posted: 16 Oct 2017, 15:25
by dzamanakos
Hi, i'm planning to deploy mailscanner and i have a question.

In my current setup I've enabled, along with spamassassin, "Enable Sender Rewriting Scheme (SRS) Support" in exim basic editor, in order, emails that are being forwarded to external providers like gmail, yahoo etc, to pass spf checks.

That leads to a risk, that the external mailserver will blacklist my ip, assuming that the spam emails are being generated by my server (based on the setting in exim above).

But spamassassin, if a spam delivered to a local account and is spam, headers will be added indicating that it is spam.
When this email will be forwarded to gmail for example, gmail will check the headers and not mark my server as spam, as headers already indicate the email as spam.

Does mailscanner adds headers indicating that the email is spam in order to help the server not be listed as spam?

Re: mailscanner headers

Posted: 16 Oct 2017, 16:02
by Sarah
Yes, MailScanner adds headers indicating the email is spam. Example:

Code: Select all

X-[orgname]-MailScanner-SpamCheck: spam, SpamAssassin (score=1005.483, required 4, BAYES_50 0.80, DCC_CHECK 1.10, DIGEST_MULTIPLE 0.29, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, GTUBE 1000.00, KAM_NUMSUBJECT 0.50, PYZOR_CHECK 1.39, RCVD_IN_SORBS_WEB 1.50, SPF_HELO_PASS -0.00, SPF_PASS -0.00)
X-[orgname]-MailScanner-SpamScore: ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss
(By default the SpamScore will use an 's' for each unit of the spam score, apparently up to a limit of 60. So an email that gets a spamassassin score of 15 will have 15 s'es.)

I don't know if external mail servers will interpret these headers correctly. Allowing users to forward all their email including spam to external mail servers such as yahoo or gmail does carry risks.

Regards,
Sarah

Re: mailscanner headers and forwarding mail (with SRS) to external mailservers

Posted: 24 May 2021, 15:39
by idratis3
Thanks Sarah you for this important warning: allowing end users to forward (all) their mails to another address risks blacklisting our own mail server for spam by others (gmail etc ...). So we should in fact also scan outgoing spam mails (at the risk of annoying users), and not just scan for viruses?
Would there be a possibility to have different rules for incoming and outgoing spam (as there -is also if I am not mistaken- 2 exim configuration-files and processes, in order to only intercept when leaving the worst spam (to avoid too many complaints from end-users who will probably not appreciate being prevented from sending email).
Or perhaps - since there is a different exim_outgoing.conf file for the outgoing flow - have exim block emails with spam-headers above a level ?

Re: mailscanner headers

Posted: 24 May 2021, 16:20
by Sarah
There is no option to have different rules for incoming or outgoing email, and we do not recommend scanning outgoing email for spam, because the possibility of false positives is more likely to cause problems for your users, not just with forwarded email but legitimate email sent by your users getting marked as spam. We do not support scanning outbound email for spam. If you are having issues with forwarded spam getting your server blacklisted, it might be better to configure MailScanner to delete spam and allow users to use MailControl in case of false positives.