we are have configured mailcleaner to not scan outgoing mails (Configuration/Anti Spam/ Trusted IPs/Networks lists our exchange server)
but we see the below error for outgoing mails from the trusted IP in the first stage of mailcleaner (Incoming MTA logs).
"... rejected after DATA: This message contains malware (Heuristics.Phishing.Email.SpoofedDomain)"
How is this even possible? Who/What is scanning here?
Thanks for any help.
- Posts: 21
- Joined: Wed May 08, 2019 7:07 pm
- How did you hear about Mailcleaner: Internet search, forum recommendations
I sense there is a confusion regarding "incoming" and "outgoing" e-mail traffic here, or I didn't understand your topology/scenario.
If you're really using MailCleaner for outgoing traffic (your Exchange server sends mail to MailCleaner, which then sends it to the respective destination) and you don't want it to scan your outbound e-mail messages against viruses, you can uncheck the option "Scan relayed (outgoing) messages for viruses" under Configuration > SMTP > SMTP checks.
Or, if you expect to receive an e-mail from a trusted sender and that e-mail is not getting through, then you can add the sender's mail server IP to the "Trusted IPs/Networks" section you described, or add its domain name to the Whitelist, under your domain configuration (Configuration > Domains > your_domain > Filtering), for example.
But the Trusted IPs and Whitelists are related to Anti-Spam settings, so I'm not sure if it would bypass the anti-virus checks.
However, if the message contains malware, it doesn't seem a good idea to receive or send it, right... Or if it is a possible domain spoof, even if it's a false positive, then maybe you or your trusted sender have some more basic/critical settings to check on your/their mail environment.
Thank you for the quick response.