{disarmed} MailScanner has detected fraud ON OUTGOING MAILS

[tabouelo]

Hi Mailscanner experts!...

I'm a novice in Mailscanner and I'm trying to solve these 2 problems:

When we send 3-4 legitimate emails to different email addresses with the same message, Mailscanner highjacks my email and writes: {disarmed} next to the title and writes: "MailScanner has detected a possible fraud attempt from "applewebdata:" claiming to be"

I don't mind scanning incoming mails. But I really want to deactivate Outgoing scanning because my clients are receiving Fraud and Spam Alerts from me although they are expecting my emails.

** Please tell me which Mailscanner option should I fix to change/deactivate Outgoing mail scanning? ***

[sawbuck]

From FAQ 41: http://www.configserver.com/techfaq/index.php?faqid=41

"Disable scanning of outgoing messages. If you are running cPanel 11 and the latest version of the MailScanner Front-End, you can do this in WHM > ConfigServer MailScanner FE > MailScanner Performance > Enable Incoming Only Email Scanning."

[Sarah]

Bear in mind also that recipient mail servers using MailScanner (and possibly other mail filtering systems as well) will still be marking these emails as possible fraud because of the way it is constructed. It would be a good idea to examine your email and modify it so that it is not triggering these fraud alerts. Usually this is when the URL in a link does not completely match the text of the link in an html email.

Regards,
Sarah

[mikelegg]

From FAQ 41: http://www.configserver.com/techfaq/index.php?faqid=41

"Disable scanning of outgoing messages. If you are running cPanel 11 and the latest version of the MailScanner Front-End, you can do this in WHM > ConfigServer MailScanner FE > MailScanner Performance > Enable Incoming Only Email Scanning."

I'm running the latest version of the MailScanner Front-End and cPanel 11, but I don't see this option. Does that mean that it's already enabled? If so, which button would I click if I wanted to disable it?

[Sarah]

Unfortunately due to some changes in exim it is no longer possible to run MailScanner in incoming-only mode, so that option has been removed.

[mikelegg]

Ah that explains it then - thank you

[hartz]

thank you for explains it

[mikelegg]

I'm also stating to have my own outgoing emails marked as {Spam?} when they leave my server.

A typical score looks something like this ...

score=6.4
5 required
-1.90 BAYES_00
1.17 DYN_RDNS_AND_INLINE_IMAGE
0.00 DYN_RDNS_SHORT_HELO_HTML
1.01 DYN_RDNS_SHORT_HELO_IMAGE
0.00 FSL_HELO_NON_FQDN_1
0.00 HELO_NO_DOMAIN
1.62 HTML_IMAGE_ONLY_24
0.00 HTML_MESSAGE
0.98 RDNS_DYNAMIC
1.42 SARE_GIF_ATTACH
1.39 SHORT_HELO_AND_INLINE_IMAGE
0.69 TVD_RCVD_IP
0.01 T_DOS_OUTLOOK_TO_MX_IMAGE

To me it appears that a lot of the problem stems from MailScanner thinking that my office network has a dynamic IP (which it doesn't). I've added my office IP to the Trusted SMTP IPs in Exim, but it hasn't helped.

My domain is also whitelisted in the MailScanner config but this seems to have no effect on outgoing mail.

What can I do to make sure my own server doesn't treat my own mail as spam when I send it out? (It's a bit embarrassing)

[mikelegg]

I've also added the following line to /usr/mscpanel/spam.whitelist.rules

From: *@mydomain.tld yes

But it didn't work

[mikelegg]

Ah ... I added it to /usr/mailscanner/etc/rules/spam.whitelist.rules and that did the trick!