[Avcheck] Sender alert with private domain email in the list of receiver

JVD bono@wol.be
Wed, 19 Sep 2001 00:50:16 +0200


Hi all,

I installed avcheck 0.3 recently and I would like first to thank all the
people that contribute to it for this great job :-)
All seems to work perfectly !!

But I have a problem with the virus-warning email sent to the sender (only
for traffic from the internet to my private network):
If the email doesn't contain a virus file, the sender and the receiver
email addresses are not modified by postfix or avcheck, that's ok!

If an email contains a virus file, the receiver address is modified to
account_name@my.dialup.Network.tst (a private domain email)
(even in account_name@localhost.my.dialup.Network.tst )
It is a good point because warnings (to receiver and admin) are not sent
through the internet but are delivered locally on my network :-)
But the mail sent to the sender contains
account_name@my.dialup.Network.tst in the list of the receivers...
that's not good :(
"... The mail system received a message from you (anybody@yahoo.com)
destined to myEmail@my.dialup.Network.tst that contains either infected
or suspicious file(s) ..."

Now you should say:
this is not a problem with avcheck but with your Postfix configuration
files ...

I can't because I have a lot of emails that come from the same account
(login+pwd) (and that is not a problem when I use only postfix).
For example:
isp_account1 : father@isp.1 brother@isp.1 me@remailer.com to account
familly on my box.
isp_account2 : mother@isp.2 me@isp.2 to account familly on my box.
(When mother sends an email, the "from" header is mother@isp.2 , through
the postfix server to the internet, and not mother@my.dialup.Network.tst )

So I don't see a way to do that :(
I would like that if father@isp.1 receives a virus from a sender, his
real internet email address is mentioned in the sender virus warning
response, and not the familly@my.dialup.Network.tst email.

I looked for sendmail & procmail options, in the master.cf, in avcheck
options, but I don't see any way to do that.
Maybe it is possible to make a function that will extract the "To:" and
"cc:" headers from the original attached message instead of using your
list of receivers.
I'll try.

If you find an easier solution, don't hesitate.

Hope you understood me ;-)
Thx

Best regards,
JVD

PS : I had the same problem with the AVP official version, but yours is
more modular :-) I like that !

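The idea raised in the message above (taking the recipients quoted in the sender warning from the original message's "To:" and "Cc:" headers rather than from the rewritten recipient list), as an added example that is not part of the original post and is not avcheck's code. The function names and the sample message are assumptions; the private domain is the one named in the post.

```python
import email
from email import policy
from email.utils import getaddresses

# Assumption: the private domain named in the post; its subdomains count too.
PRIVATE_DOMAIN = "my.dialup.network.tst"

def is_private(addr: str) -> bool:
    """True for addresses in the private domain or any subdomain of it."""
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    return domain == PRIVATE_DOMAIN or domain.endswith("." + PRIVATE_DOMAIN)

def recipients_for_sender_warning(raw_message: bytes) -> list[str]:
    """Recipients to quote back to the sender, taken from To:/Cc: headers."""
    msg = email.message_from_bytes(raw_message, policy=policy.compat32)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    shown = []
    for _name, addr in getaddresses([str(h) for h in headers]):
        # Header text is sender-controlled: keep only plain printable addresses.
        if "@" not in addr or not addr.isprintable() or " " in addr:
            continue
        if is_private(addr) or addr.lower() in (a.lower() for a in shown):
            continue
        shown.append(addr)
    # Never fall back to the rewritten internal address in the outbound warning.
    return shown or ["(recipient not shown)"]

# Constructed sample message using the addresses from the post.
SAMPLE = (
    b"From: anybody@yahoo.com\r\n"
    b"To: Father <father@isp.1>, familly@localhost.my.dialup.Network.tst\r\n"
    b"Cc: brother@isp.1, FATHER@isp.1\r\n"
    b"Subject: constructed test message\r\n"
    b"\r\n"
    b"body\r\n"
)

if __name__ == "__main__":
    print(recipients_for_sender_warning(SAMPLE))
```

Recipients addressed only by Bcc never appear in the headers, so such a message yields the placeholder instead of an address.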