Here is a reply from our supplier of MailSweeper after the previous email was
forwarded on to them.
>
> Richard,
>
> I am disappointed to see this matter described as a vulnerability, or worse
> still as a bug, in MAILsweeper. It is simply a question of understanding how
> MAILsweeper works and configuring it correctly.
>
> (1) I agree that, with the standard configuration of Incoming and Outgoing
> folders, a message addressed from [EMAIL PROTECTED] to [EMAIL PROTECTED]
> will be processed via the Outgoing policy. This behaviour is unchanged in
> version 4.2. It can be easily changed by adding the route
> *@mydomain.com -> *@mydomain.com to the Routes configuration of the Incoming
> folder, so that it takes precedence over the route *@* -> *@mydomain.com in
> the Outgoing folder.
> (2) I strongly recommend all MAILsweeper users to scan outgoing mail at
> least for viruses. No matter how much you trust your users, they will
> acquire viruses involuntarily and send them on. Scanning outgoing mail can
> give an early warning of an infection, and save you the embarrassment of
> other organisations detecting viruses in your messages.
> (3) If you have reason to believe that people are likely to spoof messages
> as you describe, it is easy to configure MAILsweeper to check that any
> message with a From address *@mydomain.com has in fact originated from one
> of your mail servers. Please let me know if you want details of how to do
> this.
> It might be helpful if you return this response to the person or newsgroup
> from which you heard of the "vulnerability".
> Regards,
> David Couch
> _____________________________________________
> David Couch
> Scientific Software and Systems Limited
> Tel: +64 4 917-6670
> Fax: +64 4 917-6671
> E-mail: [EMAIL PROTECTED]
> Visit us on the Web at: http://www.sss.co.nz
> _____________________________________________
Matthew Huck
Software Developer
T.A.B
Tel:64-6-5766961
Email:[EMAIL PROTECTED]
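
The check described in point (3) of the quoted reply, sketched as an added example; it is not part of the original message and is not MAILsweeper configuration or code. The domain name, the server address ranges and the sample messages are constructed assumptions.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration only: the protected domain and the
# address ranges of the organisation's own mail servers.
OWN_DOMAIN = "mydomain.com"
OWN_MAIL_SERVERS = [ipaddress.ip_network(n) for n in ("10.1.2.0/28", "192.0.2.25/32")]


def from_domains(raw_message: str) -> set:
    """Lower-cased domains of every From header (a message may carry several)."""
    msg = message_from_string(raw_message)
    domains = set()
    for header in msg.get_all("From", []):
        _, addr = parseaddr(header)
        if "@" in addr:
            domains.add(addr.rpartition("@")[2].lower())
    return domains


def is_own_server(peer_ip: str) -> bool:
    """True if the SMTP client address belongs to one of our mail servers."""
    ip = ipaddress.ip_address(peer_ip)
    return any(ip in net for net in OWN_MAIL_SERVERS)


def verdict(raw_message: str, peer_ip: str) -> str:
    """Classify a message using the From header and the connecting peer.

    peer_ip is the address seen on the SMTP connection, not a value read
    from Received headers, which the sender controls.
    """
    if OWN_DOMAIN in from_domains(raw_message) and not is_own_server(peer_ip):
        return "reject"  # claims an internal sender but arrived from outside
    return "pass"


# Constructed sample messages.
INTERNAL = "From: Alice <alice@mydomain.com>\nTo: bob@mydomain.com\n\nminutes\n"
SPOOFED = 'From: "Payroll" <Payroll@MyDomain.COM>\nTo: bob@mydomain.com\n\nupdate\n'
EXTERNAL = "From: carol@example.org\nTo: bob@mydomain.com\n\nhello\n"

if __name__ == "__main__":
    for name, raw, ip in [("internal", INTERNAL, "10.1.2.5"),
                          ("spoofed", SPOOFED, "203.0.113.7"),
                          ("external", EXTERNAL, "203.0.113.7")]:
        print(name, ip, verdict(raw, ip))
```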