[EXIM] save /dev/null in a system filter (old version of exi…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Bruno Vuillemin
Date:  
À: exim-users
CC: Bruno.Vuillemin, postmaster
Sujet: [EXIM] save /dev/null in a system filter (old version of exim)
Hello Everybody

We are using a rather old version of Exim :1.82 on our MX boxes (sun Sol2.6)
but it works !

If the question is not "version independant" , please just let me know.

Yesterday I tried to modify our existing system filter (reason why below)

system filter file :
---
if $h_to: contains "invest1@???" or
$h_to: contains "stocknewsn0w@???"
then
save /dev/null
endif
---

The relevant configure file part is the following :

configure file
-----
message_filter = /somewhere/exim/etc/systemfilter.txt
message_filter_user = 42
#message_filter_group = 42
-----

I tested with 42 (exim uid) or "exim" and
with and without "message_filter_group = 42"

Here is  the result :
1999-06-15 14:55:08 10tsjU-000438-00 The address_file transport has not set 
                    a uid for local delivery of /dev/null


After that I modified (even I thought that strange)

configure file :
----
local_delivery:
driver = appendfile
file = /var/mail/${local_part}
user = exim
# mode = 0660
----

Same result ....

Is there a "version independant" explanation on this issue ?


Thanks
---------
Bruno Vuillemin (postmaster@???, University of Fribourg, Switerland)

---------

Details
I had to do that because a spammer had the good idea to forge
a return-path to the adresses like you see in the examples.

We hadn't done any relay at all but we received more than 60'000 non
delivery reports ! With some sites that opened a huge number
of parallel connections.

This is the second time in one week... much more reports yesterday.

I let you imagine my state of mind these times and the pleasure
I have to receive anti-spam warnings (some rather aggressive).

I am just waiting for the next spam ....


As a temporary solution
we modified the system filter and replaced the "save" by
a "seen deliver some-local-user@???"
and we do a
cat /dev/null > /var/mail/some-local-user
on a per minute basis.
... quick and dirty :-)




-------------------------------------------------------------------------------
Bruno.Vuillemin@???          {post/ftp/cache/news/unix}master@???
Service Informatique              tel (0(041)26)300.7206 
Universite de Fribourg            fax (0(041)26)300.9704
{Schweiz/Suisse/Svizzera/Svizra/  Switzerland}    
-------------------------------------------------------------------------------




--
*** Exim information can be found at http://www.exim.org/ ***