Emails that are not being scanned have a bogus to: but get a delivered_to: for a valid email box on the domain.
This is a header of an email that got around the scanner.
Return-Path:
Delivered-To: 96-homesby@rnc.com <-- email alias for an accont (valid)
Received: (qmail 16932 invoked from network); 29 Nov 2005 18:04:00 -0600
Received: from user-12hc5ml.cable.mindspring.com (HELO flkbiuui.com) (69.22.22.213)
by svr2.makeitcomplete.com with SMTP; 29 Nov 2005 18:03:59 -0600
From: postman@nullsoft.com
To: mailserver@rnc.com <-- bogus email address
Date: Tue, 29 Nov 2005 22:57:20 UTC
Subject: Registration Confirmation
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
Message-ID: <7c5e4810.dbf5a8b79@nullsoft.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="======acdee5c5d8ca"
Content-Transfer-Encoding: 7bit
X-Mail-Format-Warning: Bad RFC2822 header formatting in This is a multi-part message in MIME format.
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
svr2.makeitcomplete.com
X-Spam-Level: **
X-Spam-Status: No, hits=2.3 required=5.0 tests=MISSING_MIMEOLE,NO_REAL_NAME,
PRIORITY_NO_NAME autolearn=no version=2.63
From what I can tell the emails are scanned based on the address that is in the to: checked against the /etc/drweb/drweb_users.conf file. Of course the bogus name is not there and it is then not checked.
There is no catch all for the domain for bad emails adderss they should reject.
I am going to try a workaround or creating new accounts for the aliases and then redirect them to the correct party but that does not seem to be the correct solution.
Does anyone have any insight into how this can be corrected?
-Jay