I'm maintaining Exim on two separate Linux boxes, both using a system
filter derived from Nigel's "executable content" filter. I don't
understand how the "From" header is generated when this filter generates
a virus reject message.
The first box is running Exim 3.12 on Debian 2.2 (potato); exim_user and
exim_group are both "mail". Virus reject messages from this system look
like this:
To: gward@???
Subject: Mail returned: virus detected (SirCam)
From: Mail Delivery System <Mailer-Daemon@???>
...which is perfect. (The envelope sender is "<>", which I think is
correct.)
The second box is running Exim 3.35 (compiled by me) on Red Hat 6.2;
exim_user and exim_group are both "exim". On this system, virus
rejections look like
To: gward@???
Subject: Mail returned: virus detected (SirCam)
From: exim@???
That "From" header is slightly yucky. (The envelope sender is still
"<>", though.) How can I fix it -- ie. make it the same as above --
without setting the "from" option on every "mail" command in the system
filter?
For the record, here is the "mail" command that generated the excerpted
rejections on both systems:
mail to $return_path
subject "Mail returned: virus detected (SirCam)"
text "This message has been rejected because it matches\n\
the signature of a known e-mail worm (SirCam). This\n\
probably means that your PC has been infected with this\n\
worm; see\n\
\ \ http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html\n\
for more information."
return message
once /var/spool/exim/viral-reject-sircam.db
once_repeat 1d
Oh, and here is the relevant section from both config files (which are
quite different, but the filtering stuff is the same):
# Virus filtering, using a filter descended from Nigel Metheringham's
# filter for rejecting mail that looks like a Windows e-mail virus.
message_filter = /etc/exim/system_filter
message_body_visible = 5000
# These are needed so we can save, pipe, or send mail from the
# system filter.
message_filter_file_transport = address_file
message_filter_pipe_transport = address_pipe
message_filter_reply_transport = address_reply
Thanks --
Greg
--
Greg Ward - software developer gward@???
MEMS Exchange http://www.mems-exchange.org