{disarmed} MailScanner has detected fraud ON OUTGOING MAILS

Discuss the ConfigServer MailScanner Front-End script
tabouelo
Junior Member
Posts: 1
Joined: 19 Nov 2010, 09:10

{disarmed} MailScanner has detected fraud ON OUTGOING MAILS

Post by tabouelo »

Hi Mailscanner experts!...

I'm a novice in Mailscanner and I'm trying to solve these 2 problems:

When we send 3-4 legitimate emails to different email addresses with the same message, Mailscanner highjacks my email and writes: {disarmed} next to the title and writes: "MailScanner has detected a possible fraud attempt from "applewebdata:" claiming to be"

I don't mind scanning incoming mails. But I really want to deactivate Outgoing scanning because my clients are receiving Fraud and Spam Alerts from me although they are expecting my emails.

** Please tell me which Mailscanner option should I fix to change/deactivate Outgoing mail scanning? ***
sawbuck
Junior Member
Posts: 366
Joined: 10 Dec 2006, 16:20

Re: {disarmed} MailScanner has detected fraud ON OUTGOING MA

Post by sawbuck »

From FAQ 41: http://www.configserver.com/techfaq/index.php?faqid=41

"Disable scanning of outgoing messages. If you are running cPanel 11 and the latest version of the MailScanner Front-End, you can do this in WHM > ConfigServer MailScanner FE > MailScanner Performance > Enable Incoming Only Email Scanning."
Sarah
Moderator
Posts: 934
Joined: 09 Dec 2006, 22:49

Re: {disarmed} MailScanner has detected fraud ON OUTGOING MA

Post by Sarah »

Bear in mind also that recipient mail servers using MailScanner (and possibly other mail filtering systems as well) will still be marking these emails as possible fraud because of the way it is constructed. It would be a good idea to examine your email and modify it so that it is not triggering these fraud alerts. Usually this is when the URL in a link does not completely match the text of the link in an html email.

Regards,
Sarah
mikelegg
Junior Member
Posts: 46
Joined: 10 Nov 2007, 03:10

Re: {disarmed} MailScanner has detected fraud ON OUTGOING MA

Post by mikelegg »

sawbuck wrote:From FAQ 41: http://www.configserver.com/techfaq/index.php?faqid=41

"Disable scanning of outgoing messages. If you are running cPanel 11 and the latest version of the MailScanner Front-End, you can do this in WHM > ConfigServer MailScanner FE > MailScanner Performance > Enable Incoming Only Email Scanning."
I'm running the latest version of the MailScanner Front-End and cPanel 11, but I don't see this option. Does that mean that it's already enabled? If so, which button would I click if I wanted to disable it?
Sarah
Moderator
Posts: 934
Joined: 09 Dec 2006, 22:49

Re: {disarmed} MailScanner has detected fraud ON OUTGOING MA

Post by Sarah »

Unfortunately due to some changes in exim it is no longer possible to run MailScanner in incoming-only mode, so that option has been removed.
mikelegg
Junior Member
Posts: 46
Joined: 10 Nov 2007, 03:10

Re: {disarmed} MailScanner has detected fraud ON OUTGOING MA

Post by mikelegg »

Ah that explains it then - thank you
hartz
Junior Member
Posts: 1
Joined: 19 Feb 2011, 15:18
Contact:

Re: {disarmed} MailScanner has detected fraud ON OUTGOING MA

Post by hartz »

thank you for explains it
mikelegg
Junior Member
Posts: 46
Joined: 10 Nov 2007, 03:10

Re: {disarmed} MailScanner has detected fraud ON OUTGOING MA

Post by mikelegg »

I'm also stating to have my own outgoing emails marked as {Spam?} when they leave my server.

A typical score looks something like this ...

score=6.4
5 required
-1.90 BAYES_00
1.17 DYN_RDNS_AND_INLINE_IMAGE
0.00 DYN_RDNS_SHORT_HELO_HTML
1.01 DYN_RDNS_SHORT_HELO_IMAGE
0.00 FSL_HELO_NON_FQDN_1
0.00 HELO_NO_DOMAIN
1.62 HTML_IMAGE_ONLY_24
0.00 HTML_MESSAGE
0.98 RDNS_DYNAMIC
1.42 SARE_GIF_ATTACH
1.39 SHORT_HELO_AND_INLINE_IMAGE
0.69 TVD_RCVD_IP
0.01 T_DOS_OUTLOOK_TO_MX_IMAGE

To me it appears that a lot of the problem stems from MailScanner thinking that my office network has a dynamic IP (which it doesn't). I've added my office IP to the Trusted SMTP IPs in Exim, but it hasn't helped.

My domain is also whitelisted in the MailScanner config but this seems to have no effect on outgoing mail.

What can I do to make sure my own server doesn't treat my own mail as spam when I send it out? (It's a bit embarrassing)
mikelegg
Junior Member
Posts: 46
Joined: 10 Nov 2007, 03:10

Re: {disarmed} MailScanner has detected fraud ON OUTGOING MA

Post by mikelegg »

I've also added the following line to /usr/mscpanel/spam.whitelist.rules

From: *@mydomain.tld yes

But it didn't work
mikelegg
Junior Member
Posts: 46
Joined: 10 Nov 2007, 03:10

Re: {disarmed} MailScanner has detected fraud ON OUTGOING MA

Post by mikelegg »

Ah ... I added it to /usr/mailscanner/etc/rules/spam.whitelist.rules and that did the trick!
Post Reply