Author: Chris Sleep
Date:
To: exim-users
Subject: RE: [Exim] Exim Filter bypass problems
> Chris Sleep rearranged electrons thusly:
>
> > Which was fine until snow white (aka hybris) appeared, which spreads itself
> > as a bounce message with <> envelope, and thus is passed before the filter
> > checks. I've now updated my global filter to read (summarised):
>
> Doesn't ChkHeaderFrom (if I remember correctly) match the from, instead of the
> envelope-from? Hybris always comes with from: hahaha@??? (and
> envelope-from <>)

Yes it does, but randomising the From: header won't take long for the next
enterprising virus writer to pick up on, and then we're back to an open
route in for executables, and I don't think that maintaining a list of
virus-senders-who-masquerade-as-postmaster is quite the best way to go about
things.
Given that over the past day I've received about a dozen bounces of assorted
hybris messages trying to get in, I'm much happier keeping all messages from
postmaster running through the filter, rather than picking up the pieces of
infected PCs