Why does MC reject mails from Trusted IP's?

Information about this forum

Moderators: mentor, Pascal, jorge, bourgeois, JohnMertz, ack, stephane

Post Reply
gweiler
Posts: 2
Joined: Tue Jun 12, 2018 3:41 pm
How did you hear about Mailcleaner: using it

Why does MC reject mails from Trusted IP's?

Post by gweiler » Thu Jul 02, 2020 9:51 am

Hello,

we are have configured mailcleaner to not scan outgoing mails (Configuration/Anti Spam/ Trusted IPs/Networks lists our exchange server)
but we see the below error for outgoing mails from the trusted IP in the first stage of mailcleaner (Incoming MTA logs).

"... rejected after DATA: This message contains malware (Heuristics.Phishing.Email.SpoofedDomain)"

How is this even possible? Who/What is scanning here?

Thanks for any help.
victorlclopes
Posts: 21
Joined: Wed May 08, 2019 7:07 pm
How did you hear about Mailcleaner: Internet search, forum recommendations

Re: Why does MC reject mails from Trusted IP's?

Post by victorlclopes » Thu Jul 02, 2020 5:18 pm

Hi there,

I sense there is a confusion regarding "incoming" and "outgoing" e-mail traffic here, or I didn't understand your topology/scenario.

If you're really using MailCleaner for outgoing traffic (your Exchange server sends mail to MailCleaner, which then sends it to the respective destination) and you don't want it to scan your outbound e-mail messages against viruses, you can uncheck the option "Scan relayed (outgoing) messages for viruses" under Configuration > SMTP > SMTP checks.

Or, if you expect to receive an e-mail from a trusted sender and that e-mail is not getting through, then you can add the sender's mail server IP to the "Trusted IPs/Networks" section you described, or add its domain name to the Whitelist, under your domain configuration (Configuration > Domains > your_domain > Filtering), for example.

But the Trusted IPs and Whitelists are related to Anti-Spam settings, so I'm not sure if it would bypass the anti-virus checks.
However, if the message contains malware, it doesn't seem a good idea to receive or send it, right... Or if it is a possible domain spoof, even if it's a false positive, then maybe you or your trusted sender have some more basic/critical settings to check on your/their mail environment.
gweiler
Posts: 2
Joined: Tue Jun 12, 2018 3:41 pm
How did you hear about Mailcleaner: using it

Re: Why does MC reject mails from Trusted IP's?

Post by gweiler » Mon Jul 20, 2020 3:54 pm

Yes, you're absolutely right.
Thank you for the quick response.
Post Reply