[Mimedefang] Messages spooled by secondary MX miss Mimedefang?
Whit Blauvelt
whit at transpect.com
Sat Aug 23 12:54:01 EDT 2003
On Sun, Aug 24, 2003 at 01:00:28AM +1000, Mark Suter wrote:
> On 2003-08-23, Whit Blauvelt wrote:
>
> > A few messages have got through without any check by MD/SA. These are all
> > messages that went to the spool on an external secondary MX before arriving.
> > What is it about a message taking this route that would allow it to slip in
> > unchecked? All of these happened to be obvious spam. The MD and SA headers
> > that are added to all mail by the local configuration were just not there.
>
> My guess is the secondary MX is mentioned in the /etc/mail/mimedefang-filter.
> Can you place this file online for us to look at?
Sure. Nothing there about secondary MX's that I'm aware of. It's at
http://www.transpect.com/mimedefang-filter.html.
It occurs to me that what may have happened is that attachments were beyond
the 200k limit beyond which they aren't fed through SA, and that the
attachments were of types that MD stripped off (although there was no notice
it had done that - which it looks like there should be from the filter
script although I haven't seen one ever). I still don't understand why not
even "X-Scanned-By: MIMEDefang 2.35" showed up in the headers though, if
that's the case - but I haven't traced the logic by which that's appended.
Could MD be assuming that anything already received by an MX for the domain
must already be okay?
Whit
More information about the MIMEDefang
mailing list