RE: [sniffer] can auto-forward be disabled when spam is detected?
I understand what you are saying, and I'm not sure why it works, but it does. If you setup a rule to forward spam (based on X-Headers) to a separate Quarantine mailbox, it will only forward the good emails to the user gmail/yahoo account. I have it setup this way for several clients that use Exchange. A forward is setup for each user that goes to the Exchange server. The Imail rules forward spam to a central quarintine mailbox on Imail. If the email is caught by one of the rules it does not get forwarded to the clients Exchange Server. Craig Imail 8.15/mxGuard/Sniffer > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rick Robeson > Sent: Thursday, September 01, 2005 1:54 PM > To: sniffer@SortMonster.com > Subject: RE: [sniffer] can auto-forward be disabled when spam > is detected? > > How would that address the fact that imail processes the > auto-forward rule before processing the incoming messages > rules (which is where I trigger x-header sniffer flag)? > > Rick Robeson > getlocalnews.com > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Craig Deal > Sent: Thursday, September 01, 2005 11:43 AM > To: sniffer@SortMonster.com > Subject: RE: [sniffer] can auto-forward be disabled when spam > is detected? > > > You can change your rules to forward spam to separate user > quarantine mailbox (not a subfolder or sub-mailbox) that does > not have forwarding setup. You just cannot make the rules > forward (or move)the spam to a sub-mailbox like > [EMAIL PROTECTED] on an account that is forwarded. > > Craig > > > > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Rick Robeson > > Sent: Thursday, September 01, 2005 1:17 PM > > To: sniffer@SortMonster.com > > Subject: RE: [sniffer] can auto-forward be disabled when spam is > > detected? > > > > I think I see the problem, though not a quick solution. > > > > Mxguard merely handles traffic between imail and sniffer and > > calculates its spam score and probability. IT has no override > > capability excepting its own white and black lists blocking calling > > for sniffer processing. > > > > IMail's processing order of activies (as listed in > > http://www.ipswitch.com/support/imail/guide/imailug8.1/Chapter > > %204%20process > > ing2.html#47027 > > ) > > show that forwarding instructions are handled before domain or user > > incoming rule execution. > > > > It is the domain and user incoming rule execution that is the first > > level of being able to pick up sniffer/mxguard instructions (via > > x-header presence/value). Only connection or content > filtering is used > > by imail prior to the forwarding process. I don't see any > way to have > > mxguard or sniffer affect the connection or content filtering rules > > unless they were somehow able to (for example) add a dummy > url to the > > content of the email which would trigger the content filtering url > > blacklist. > > > > Ipswitch probably considers the current forwarding > processing order a > > feature (after all it allows another external mail server > rulebase to > > inject it's rules). Unfortunately, in large quantity, > lumping multiple > > aliases from multiple sites to a one or more users who then want > > auto-forward to another email server for internet mail (i.e. gmail) > > makes it look like my server is generating spam to gmail/yahoo/etc. > > > > Ideas? > > > > > > Rick Robeson > > getlocalnews.com > > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > > > > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf Of Pete McNeil > > Sent: Thursday, September 01, 2005 8:44 AM > > To: Rick Robeson > > Subject: Re: [sniffer] can auto-forward be disabled when spam is > > detected? > > > > > > On Thursday, September 1, 2005, 9:12:17 AM, Rick wrote: > > > > RR> I'm using Sniffer with MXGuard, and Ipswitch Imail Server. > > RR> > > RR> For accounts who have auto-forwarding setup to transfer > > mail to a > > RR> remote mail account, I've noticed that they're > transferring all > > RR> mail, including detectable spam. Is there a way to block > > forwarding > > RR> when spam is detected? > > > > That's an mxG
RE: [sniffer] can auto-forward be disabled when spam is detected?
How would that address the fact that imail processes the auto-forward rule before processing the incoming messages rules (which is where I trigger x-header sniffer flag)? Rick Robeson getlocalnews.com [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Craig Deal Sent: Thursday, September 01, 2005 11:43 AM To: sniffer@SortMonster.com Subject: RE: [sniffer] can auto-forward be disabled when spam is detected? You can change your rules to forward spam to separate user quarantine mailbox (not a subfolder or sub-mailbox) that does not have forwarding setup. You just cannot make the rules forward (or move)the spam to a sub-mailbox like [EMAIL PROTECTED] on an account that is forwarded. Craig > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rick Robeson > Sent: Thursday, September 01, 2005 1:17 PM > To: sniffer@SortMonster.com > Subject: RE: [sniffer] can auto-forward be disabled when spam > is detected? > > I think I see the problem, though not a quick solution. > > Mxguard merely handles traffic between imail and sniffer and > calculates its spam score and probability. IT has no override > capability excepting its own white and black lists blocking > calling for sniffer processing. > > IMail's processing order of activies (as listed in > http://www.ipswitch.com/support/imail/guide/imailug8.1/Chapter > %204%20process > ing2.html#47027 > ) > show that forwarding instructions are handled before domain > or user incoming rule execution. > > It is the domain and user incoming rule execution that is the > first level of being able to pick up sniffer/mxguard > instructions (via x-header presence/value). Only connection > or content filtering is used by imail prior to the forwarding > process. I don't see any way to have mxguard or sniffer > affect the connection or content filtering rules unless they > were somehow able to (for example) add a dummy url to the > content of the email which would trigger the content > filtering url blacklist. > > Ipswitch probably considers the current forwarding processing > order a feature (after all it allows another external mail > server rulebase to inject it's rules). Unfortunately, in > large quantity, lumping multiple aliases from multiple sites > to a one or more users who then want auto-forward to another > email server for internet mail (i.e. gmail) makes it look > like my server is generating spam to gmail/yahoo/etc. > > Ideas? > > > Rick Robeson > getlocalnews.com > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > > > -----Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Pete McNeil > Sent: Thursday, September 01, 2005 8:44 AM > To: Rick Robeson > Subject: Re: [sniffer] can auto-forward be disabled when spam > is detected? > > > On Thursday, September 1, 2005, 9:12:17 AM, Rick wrote: > > RR> I'm using Sniffer with MXGuard, and Ipswitch Imail Server. > RR> > RR> For accounts who have auto-forwarding setup to transfer > mail to a > RR> remote mail account, I've noticed that they're transferring all > RR> mail, including detectable spam. Is there a way to block > forwarding > RR> when spam is detected? > > That's an mxGuard question. SNF makes no distinctions on > where the message is going in an IMail environment... My > guess is that mxGuard is either not scanning these messages, > or that it either can't or doesn't take action in those cases. > > If I had to guess it's probably most likely that IMail > doesn't give mxGuard a chance to effect these messages, or > that in a similar way mxGuard doesn't effect them due to the > "split envelope" problem. > > Please let me know what you find out. > > Thanks, > > _M > > PS: Split Envelop Problem - When the SMTP envelope of a > messages indicates multiple recipients, and one of the > recipients has rules that would dispose of the message in > some way there is an inherent conflict. It goes against RFCs > to deliver the message to one recipient and not the other > (though that is probably desirable and may be/become the best > practice) since that would require "splitting the envelope" > and the message into two copies with each copy following a > different path. > > In a strict interpretation of email processing rules the > message must be either delivered to all recipients on the > envelope or not delivered. In many cases the final rule turns > out to be: "If anyone is supposed to receive this message > then everyone must. Once they have rece
RE: [sniffer] can auto-forward be disabled when spam is detected?
You can change your rules to forward spam to separate user quarantine mailbox (not a subfolder or sub-mailbox) that does not have forwarding setup. You just cannot make the rules forward (or move)the spam to a sub-mailbox like [EMAIL PROTECTED] on an account that is forwarded. Craig > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rick Robeson > Sent: Thursday, September 01, 2005 1:17 PM > To: sniffer@SortMonster.com > Subject: RE: [sniffer] can auto-forward be disabled when spam > is detected? > > I think I see the problem, though not a quick solution. > > Mxguard merely handles traffic between imail and sniffer and > calculates its spam score and probability. IT has no override > capability excepting its own white and black lists blocking > calling for sniffer processing. > > IMail's processing order of activies (as listed in > http://www.ipswitch.com/support/imail/guide/imailug8.1/Chapter > %204%20process > ing2.html#47027 > ) > show that forwarding instructions are handled before domain > or user incoming rule execution. > > It is the domain and user incoming rule execution that is the > first level of being able to pick up sniffer/mxguard > instructions (via x-header presence/value). Only connection > or content filtering is used by imail prior to the forwarding > process. I don't see any way to have mxguard or sniffer > affect the connection or content filtering rules unless they > were somehow able to (for example) add a dummy url to the > content of the email which would trigger the content > filtering url blacklist. > > Ipswitch probably considers the current forwarding processing > order a feature (after all it allows another external mail > server rulebase to inject it's rules). Unfortunately, in > large quantity, lumping multiple aliases from multiple sites > to a one or more users who then want auto-forward to another > email server for internet mail (i.e. gmail) makes it look > like my server is generating spam to gmail/yahoo/etc. > > Ideas? > > > Rick Robeson > getlocalnews.com > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Pete McNeil > Sent: Thursday, September 01, 2005 8:44 AM > To: Rick Robeson > Subject: Re: [sniffer] can auto-forward be disabled when spam > is detected? > > > On Thursday, September 1, 2005, 9:12:17 AM, Rick wrote: > > RR> I'm using Sniffer with MXGuard, and Ipswitch Imail Server. > RR> > RR> For accounts who have auto-forwarding setup to transfer > mail to a > RR> remote mail account, I've noticed that they're transferring all > RR> mail, including detectable spam. Is there a way to block > forwarding > RR> when spam is detected? > > That's an mxGuard question. SNF makes no distinctions on > where the message is going in an IMail environment... My > guess is that mxGuard is either not scanning these messages, > or that it either can't or doesn't take action in those cases. > > If I had to guess it's probably most likely that IMail > doesn't give mxGuard a chance to effect these messages, or > that in a similar way mxGuard doesn't effect them due to the > "split envelope" problem. > > Please let me know what you find out. > > Thanks, > > _M > > PS: Split Envelop Problem - When the SMTP envelope of a > messages indicates multiple recipients, and one of the > recipients has rules that would dispose of the message in > some way there is an inherent conflict. It goes against RFCs > to deliver the message to one recipient and not the other > (though that is probably desirable and may be/become the best > practice) since that would require "splitting the envelope" > and the message into two copies with each copy following a > different path. > > In a strict interpretation of email processing rules the > message must be either delivered to all recipients on the > envelope or not delivered. In many cases the final rule turns > out to be: "If anyone is supposed to receive this message > then everyone must. Once they have received it they can > discard it if they wish, but an MTA shouldn't make that call > since it has essentially 'signed up' to be responsible for > delivering the message as is." > > > This E-Mail came from the Message Sniffer mailing list. For > information and (un)subscription instructions go to > http://www.sortmonster.com/MessageSniffer/Help/Help.html > > > This E-Mail came from the Message Sniffer mailing list. For > information and (un)subscription instructions go to > http://www.sortmonster.com/MessageSniffer/Help/Help.html > This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] can auto-forward be disabled when spam is detected?
I think I see the problem, though not a quick solution. Mxguard merely handles traffic between imail and sniffer and calculates its spam score and probability. IT has no override capability excepting its own white and black lists blocking calling for sniffer processing. IMail's processing order of activies (as listed in http://www.ipswitch.com/support/imail/guide/imailug8.1/Chapter%204%20process ing2.html#47027 ) show that forwarding instructions are handled before domain or user incoming rule execution. It is the domain and user incoming rule execution that is the first level of being able to pick up sniffer/mxguard instructions (via x-header presence/value). Only connection or content filtering is used by imail prior to the forwarding process. I don't see any way to have mxguard or sniffer affect the connection or content filtering rules unless they were somehow able to (for example) add a dummy url to the content of the email which would trigger the content filtering url blacklist. Ipswitch probably considers the current forwarding processing order a feature (after all it allows another external mail server rulebase to inject it's rules). Unfortunately, in large quantity, lumping multiple aliases from multiple sites to a one or more users who then want auto-forward to another email server for internet mail (i.e. gmail) makes it look like my server is generating spam to gmail/yahoo/etc. Ideas? Rick Robeson getlocalnews.com [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Pete McNeil Sent: Thursday, September 01, 2005 8:44 AM To: Rick Robeson Subject: Re: [sniffer] can auto-forward be disabled when spam is detected? On Thursday, September 1, 2005, 9:12:17 AM, Rick wrote: RR> I'm using Sniffer with MXGuard, and Ipswitch Imail Server. RR> RR> For accounts who have auto-forwarding setup to transfer mail RR> to a remote mail account, I've noticed that they're transferring RR> all mail, including detectable spam. Is there a way to block RR> forwarding when spam is detected? That's an mxGuard question. SNF makes no distinctions on where the message is going in an IMail environment... My guess is that mxGuard is either not scanning these messages, or that it either can't or doesn't take action in those cases. If I had to guess it's probably most likely that IMail doesn't give mxGuard a chance to effect these messages, or that in a similar way mxGuard doesn't effect them due to the "split envelope" problem. Please let me know what you find out. Thanks, _M PS: Split Envelop Problem - When the SMTP envelope of a messages indicates multiple recipients, and one of the recipients has rules that would dispose of the message in some way there is an inherent conflict. It goes against RFCs to deliver the message to one recipient and not the other (though that is probably desirable and may be/become the best practice) since that would require "splitting the envelope" and the message into two copies with each copy following a different path. In a strict interpretation of email processing rules the message must be either delivered to all recipients on the envelope or not delivered. In many cases the final rule turns out to be: "If anyone is supposed to receive this message then everyone must. Once they have received it they can discard it if they wish, but an MTA shouldn't make that call since it has essentially 'signed up' to be responsible for delivering the message as is." This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
Re: [sniffer] can auto-forward be disabled when spam is detected?
On Thursday, September 1, 2005, 9:12:17 AM, Rick wrote: RR> I'm using Sniffer with MXGuard, and Ipswitch Imail Server. RR> RR> For accounts who have auto-forwarding setup to transfer mail RR> to a remote mail account, I've noticed that they're transferring RR> all mail, including detectable spam. Is there a way to block RR> forwarding when spam is detected? That's an mxGuard question. SNF makes no distinctions on where the message is going in an IMail environment... My guess is that mxGuard is either not scanning these messages, or that it either can't or doesn't take action in those cases. If I had to guess it's probably most likely that IMail doesn't give mxGuard a chance to effect these messages, or that in a similar way mxGuard doesn't effect them due to the "split envelope" problem. Please let me know what you find out. Thanks, _M PS: Split Envelop Problem - When the SMTP envelope of a messages indicates multiple recipients, and one of the recipients has rules that would dispose of the message in some way there is an inherent conflict. It goes against RFCs to deliver the message to one recipient and not the other (though that is probably desirable and may be/become the best practice) since that would require "splitting the envelope" and the message into two copies with each copy following a different path. In a strict interpretation of email processing rules the message must be either delivered to all recipients on the envelope or not delivered. In many cases the final rule turns out to be: "If anyone is supposed to receive this message then everyone must. Once they have received it they can discard it if they wish, but an MTA shouldn't make that call since it has essentially 'signed up' to be responsible for delivering the message as is." This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
