MailScanner Guide. Contents. Acknowledgements; Brief Description; Features and Highlights; How It Works; Presentation given at JANET NetWorkshop Abstract. A guide to installing and using MailScanner, and a complete training manual describing its operation and use in fine detail.

When you use the name of a configuration option, don’t worry about whitespace and punctuation.

The only characters that count are A-Z and numbers. Any combination of upper and lower case is fine, as are extra punctuation marks such as ‘-‘ and extra or missing spaces. Do you want to add the Envelope-From: This is very useful for tracking where spam came from as it contains the envelope sender address. This can also be the filename of a ruleset. Do you want to add the Envelope-To: This can be useful for tracking spam destinations, but should be used with care due to possible privacy concerns with the use of Bcc: Do you want to add the plain text contents of Microsoft Word documents?

This feature uses the ‘antiword’ program available from http: Do you want to add a watermark to each email message? Setting this enables delivery error messages to be identified as yours so you want to see them.

Delivery error messages without valid watermarks are treated as spam (or whatever you set below), as you probably don’t want to see them. Spammers can send vast quantities of spam claiming to come from you so that you get all the delivery errors (known as a “joe-job” attack). Use of this option is dangerous, and should only be used if you are having trouble with lots of corrupt PDF files, for example. If you need to specify more than 1 string to find in the error message, then put each string in quotes and separate them with a comma.

Do you want to allow messages whose body is stored somewhere else on the internet, which is downloaded separately by the user’s email package? There is no way to guarantee that the file fetched by the user’s email package is free from viruses, as MailScanner never sees it. This feature is dangerous as it can allow viruses to be fetched from other Internet sites by a user’s email package.

The user would just think it was a normal email attachment and that it had been scanned by MailScanner. So I would strongly advise leaving this switched off. Allow any attachment MIME types matching any of the patterns listed here.

If this setting is empty, it is ignored and no matches are made. Allow any attachment filenames matching any of the patterns listed here. Allow any attachment filetypes matching any of the patterns listed here. This is a bad idea as these are used as scams to persuade people to part with credit card information and other personal data. This is not a good idea as it allows various Microsoft Outlook security vulnerabilities to remain unprotected, but if you have a load of mailing lists sending them, then you will want to allow them to keep your users happy.

This option can be used to stop any duplication of an email signature appearing in the HTML of an email message.

If this option is also set to “no”, then it will not be signed again. Multiple image signatures at the bottom of a message can make the message very large and ugly once it has been replied to a couple of times.


This is a bad idea as it leaves you unprotected against various Microsoft-specific security vulnerabilities.

But if your users demand it, you can do it. Do you want to allow partial messages, which only contain a fraction of the attachments, not the whole thing?

There is absolutely no way to scan these “partial messages” properly for viruses, as MailScanner never sees all of the attachment at the same time. Enabling this option can allow viruses through. You have been warned. This can also be the filename of a ruleset so you can, for example, allow them in outgoing mail but not in incoming mail. Should archives which contain any password-protected files be allowed? Leaving this set to “no” is a good way of protecting against all the protected archive files used by viruses at the moment.

This is a bad idea as these are used to exploit vulnerabilities in email applications and web browsers. This is a bad idea as these are used as ‘web bugs’ to find out if a message has been read. It is not dangerous, it is just used to make you give away information. You cannot block messages containing web bugs as their detection is very vulnerable to false alarms.

While detecting “Phishing” attacks, do you also want to point out links to numeric IP addresses? Genuine links to totally numeric IP addresses are very rare, so this option is set to “yes” by default. If a numeric IP address is found in a link, the same phishing warning message is used as in the Find Phishing Fraud option above.

Always Include SpamAssassin Report. Do you want to always include the Spam Report in the SpamCheck header, even if the message wasn’t spam? This option is intended for people who want to log more information about messages than what is put in syslog. It is intended to be used with a Custom Function which has the side-effect of logging information, perhaps to an SQL database, or any other processing you want to do after each message is processed. Its value is completely ignored, it is purely there to have side effects.

If you want to use it, read CustomConfig. This option is intended for people who want to log per-batch information. This is evaluated after the “Always Looked Up Last” configuration option for each message in the batch.

This is looked up once for the entire batch. Location and full command of the “antiword” program. Using a ruleset here, you could have different output styles for different people. The maximum length of time the “antiword” command is allowed to run for 1 Word document (in seconds). Space-separated list of any combination of 1. Any of the items above can contain 3 magic strings, which are substituted as follows: This will make archive-rolling and maintenance much easier, as you can guarantee that yesterday’s mail archive will not be in active use today.

If you give this option a ruleset, you can control exactly whose mail is archived or forwarded. If you do this, beware of the legal implications as this could be deemed to be illegal interception unless the police have asked you to do this.

This setting still works even if “Scan Messages” is no. What sort of attachments are considered to be archives? You may well consider, for example, zip and rar files to be archives, but maybe TNEF files to not be archives as they are really just another way of supplying attachments that is only used by Microsoft Exchange and Outlook.

This is a space-separated list of the types which are treated as archives. Keywords within this are: Normally, you would only want to attach the image to messages with an HTML part, as plain text messages clearly cannot display an image.

However, if you find some other use for this feature, you may want to attach an image to a message which is just text. See “Attach Image To Signature” for notes on how to use this. If you are using HTML signatures, you can embed an image in the signature. If used correctly, MailScanner will notice if the image is already present and not add it again.

What character set do you want to use for the attachment that replaces viruses? The default is ISO as even Americans have to talk to the rest of the world occasionally: Attachment Extensions Not To Zip.

Attachments whose filenames end in these strings will not be zipped. If the original total size of all the attachments to be compressed is less than this number of bytes, they will not be zipped at all. If the attachments are to be compressed into a single zip file, this is the filename of the zip file. When a virus or attachment is replaced by a plain-text warning, and that warning is an attachment, this is the filename of the new attachment.

Configuration Index – MailScanner v5.1.x

Do you want to automatically do a syntax check of the configuration files when MailScanner is started up? It will still start up, regardless, but it will print plenty of errors and warnings if anything important is wrong in your setup, instead of just logging it to your system’s mail logs. It does slightly slow down the startup of MailScanner, of course, but that is only done once and so it does not really matter.

This makes it easier for novice users. This cannot be a ruleset, only a simple value. Should encrypted messages be blocked? This is useful if you are wary about your users sending encrypted messages to your competition. This can be a ruleset so you can block encrypted message to certain domains. Should unencrypted messages be blocked? This could be used to ensure all your users send messages outside your company encrypted to avoid snooping of mail to your business partners.

When you bounce a spam message back to the sender, do you want to encapsulate it in another message, rather like the “attachment” option when delivering spam to the original recipient? If you enable this option, be sure to whitelist your local server ie.

Many naive spammers send out the same message to lots of people. These messages are very likely to have roughly the same SpamAssassin score. For extra speed, cache the SpamAssassin results for the messages being processed so that you only call SpamAssassin once for all of the messages. Normally, you can still get the filenames out of a password-protected archive, despite the encryption. So by default filename checks are still done on these files.

However, some people want to suppress this checking as they allow a few people to receive password-protected archives that contain things such as. This option can be used to suppress filename checks inside password-protected archives. If the message sender is on any of the Spam Lists, do you still want to do the SpamAssassin checks?