Hello Everybody
We are using a rather old version of Exim :1.82 on our MX boxes (sun Sol2.6)
but it works !
If the question is not "version independant" , please just let me know.
Yesterday I tried to modify our existing system filter (reason why below)
system filter file :
---
if $h_to: contains "invest1@???" or
$h_to: contains "stocknewsn0w@???"
then
save /dev/null
endif
---
The relevant configure file part is the following :
configure file
-----
message_filter = /somewhere/exim/etc/systemfilter.txt
message_filter_user = 42
#message_filter_group = 42
-----
I tested with 42 (exim uid) or "exim" and
with and without "message_filter_group = 42"
Here is the result :
1999-06-15 14:55:08 10tsjU-000438-00 The address_file transport has not set
a uid for local delivery of /dev/null
After that I modified (even I thought that strange)
configure file :
----
local_delivery:
driver = appendfile
file = /var/mail/${local_part}
user = exim
# mode = 0660
----
Same result ....
Is there a "version independant" explanation on this issue ?
Thanks
---------
Bruno Vuillemin (postmaster@???, University of Fribourg, Switerland)
---------
Details
I had to do that because a spammer had the good idea to forge
a return-path to the adresses like you see in the examples.
We hadn't done any relay at all but we received more than 60'000 non
delivery reports ! With some sites that opened a huge number
of parallel connections.
This is the second time in one week... much more reports yesterday.
I let you imagine my state of mind these times and the pleasure
I have to receive anti-spam warnings (some rather aggressive).
I am just waiting for the next spam ....
As a temporary solution
we modified the system filter and replaced the "save" by
a "seen deliver some-local-user@???"
and we do a
cat /dev/null > /var/mail/some-local-user
on a per minute basis.
... quick and dirty :-)
-------------------------------------------------------------------------------
Bruno.Vuillemin@??? {post/ftp/cache/news/unix}master@???
Service Informatique tel (0(041)26)300.7206
Universite de Fribourg fax (0(041)26)300.9704
{Schweiz/Suisse/Svizzera/Svizra/ Switzerland}
-------------------------------------------------------------------------------
--
*** Exim information can be found at
http://www.exim.org/ ***
