[Exim] "From" header on system filter replies

Author: Greg Ward
Date:  
To: exim-users
Subject: [Exim] "From" header on system filter replies
I'm maintaining Exim on two separate Linux boxes, both using a system
filter derived from Nigel's "executable content" filter. I don't
understand how the "From" header is generated when this filter generates
a virus reject message.

The first box is running Exim 3.12 on Debian 2.2 (potato); exim_user and
exim_group are both "mail". Virus reject messages from this system look
like this:

To: gward@???
Subject: Mail returned: virus detected (SirCam)
From: Mail Delivery System <Mailer-Daemon@???>

...which is perfect. (The envelope sender is "<>", which I think is
correct.)

The second box is running Exim 3.35 (compiled by me) on Red Hat 6.2;
exim_user and exim_group are both "exim". On this system, virus
rejections look like

To: gward@???
Subject: Mail returned: virus detected (SirCam)
From: exim@???

That "From" header is slightly yucky. (The envelope sender is still
"<>", though.) How can I fix it -- i.e. make it the same as above --
without setting the "from" option on every "mail" command in the system
filter?

For the record, here is the "mail" command that generated the excerpted
rejections on both systems:

  mail to $return_path
       subject "Mail returned: virus detected (SirCam)"
       text "This message has been rejected because it matches\n\
             the signature of a known e-mail worm (SirCam).  This\n\
             probably means that your PC has been infected with this\n\
             worm; see\n\
             \ \ http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html\n\
             for more information."
       return message
       once /var/spool/exim/viral-reject-sircam.db
       once_repeat 1d


Oh, and here is the relevant section from both config files (which are
quite different, but the filtering stuff is the same):

# Virus filtering, using a filter descended from Nigel Metheringham's
# filter for rejecting mail that looks like a Windows e-mail virus.
message_filter = /etc/exim/system_filter
message_body_visible = 5000

# These are needed so we can save, pipe, or send mail from the
# system filter.
message_filter_file_transport = address_file
message_filter_pipe_transport = address_pipe
message_filter_reply_transport = address_reply

Thanks --

        Greg
--
Greg Ward - software developer                gward@???
MEMS Exchange                            http://www.mems-exchange.org