Re: [Exim] "From" header on system filter replies

Author: Dave C.
Date:  
To: Greg Ward
CC: exim-users
Subject: Re: [Exim] "From" header on system filter replies
Off-the-top-of-my-head thoughts:

1. Is exim suid root on the second box?
2. Is the exim user on the second box somehow not 'trusted'?


On Tue, 5 Mar 2002, Greg Ward wrote:

> I'm maintaining Exim on two separate Linux boxes, both using a system
> filter derived from Nigel's "executable content" filter. I don't
> understand how the "From" header is generated when this filter generates
> a virus reject message.
>
> The first box is running Exim 3.12 on Debian 2.2 (potato); exim_user and
> exim_group are both "mail". Virus reject messages from this system look
> like this:
>
> To: gward@???
> Subject: Mail returned: virus detected (SirCam)
> From: Mail Delivery System <Mailer-Daemon@???>
>
> ...which is perfect. (The envelope sender is "<>", which I think is
> correct.)
>
> The second box is running Exim 3.35 (compiled by me) on Red Hat 6.2;
> exim_user and exim_group are both "exim". On this system, virus
> rejections look like
>
> To: gward@???
> Subject: Mail returned: virus detected (SirCam)
> From: exim@???
>
> That "From" header is slightly yucky. (The envelope sender is still
> "<>", though.) How can I fix it -- ie. make it the same as above --
> without setting the "from" option on every "mail" command in the system
> filter?
>
> For the record, here is the "mail" command that generated the excerpted
> rejections on both systems:
>
>   mail to $return_path
>        subject "Mail returned: virus detected (SirCam)"
>        text "This message has been rejected because it matches\n\
>              the signature of a known e-mail worm (SirCam).  This\n\
>              probably means that your PC has been infected with this\n\
>              worm; see\n\
>              \ \ http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html\n\
>              for more information."
>        return message
>        once /var/spool/exim/viral-reject-sircam.db
>        once_repeat 1d
>
> Oh, and here is the relevant section from both config files (which are
> quite different, but the filtering stuff is the same):
>
> # Virus filtering, using a filter descended from Nigel Metheringham's
> # filter for rejecting mail that looks like a Windows e-mail virus.
> message_filter = /etc/exim/system_filter
> message_body_visible = 5000
>
> # These are needed so we can save, pipe, or send mail from the
> # system filter.
> message_filter_file_transport = address_file
> message_filter_pipe_transport = address_pipe
> message_filter_reply_transport = address_reply
>
> Thanks --
>
>         Greg
> --
> Greg Ward - software developer                gward@???
> MEMS Exchange                            http://www.mems-exchange.org
