[Exim] Re: IMPORTANT: Incorrect operation of "Generic Window…

Top Page
Delete this message
Reply to this message
Author: Nigel Metheringham
Date:  
To: Chris Drake
CC: exim-users
Subject: [Exim] Re: IMPORTANT: Incorrect operation of "Generic Windows Executable Content" filter
Entire original message with my comments copied to the exim-users
mailing list - thinly veiled lawsuit threats deserve to be made widely
available for appropriate ridicule.


On Tue, 2002-06-11 at 16:07, Chris Drake wrote:
> Hi,
>
> Your "Generic Windows Executable Content" filter is incorrectly
> blocking emails my customers have paid to receive, and probably also
> all RFC compliant notifications which include the original message.


Yup, seems reasonable. [Apart from you seem to have reversed the normal
meaning of "incorrectly". Note that a *correctly* formatted bounce
message will not be touched by the extension handler. Then again if you
are using such RFC non-compliant products as are produced by a large US
monopoly for handling email then you are already in deep trouble.


> Please fix this filter and ensure all users of it are provided with an
> update - or please remove this malfunctioning code completely.


It does precisely what its intended to do.
Its also unmaintained anyhow.
I have no record - nor do I wish to have a record of the users of the
filters.

> Note that interception of personal emails as this filter is doing at
> present may be considered illegal. I will not be responsible for
> direct and/or consequential losses that your code is causing to my
> customers, and I will direct any lawsuits that might arise in this
> matter to you and/or the users of your code.


> The specific error message that occurs is triggered whenever any
> incoming email has an ".eml" attachment (this is an RFC compliant copy
> of an email - such as would be returned when a message bounces):-
>
> MDS> This message was created automatically by mail delivery software (Exim).
>
> MDS> A message that you sent could not be delivered to one or more of its
> MDS> recipients. This is a permanent error. The following address(es) failed:
>
> MDS>   salim@???
> MDS>     This message has been rejected because it has
> MDS>     a potentially executable attachment "Proof-of-Posting.eml"
> MDS>     This form of attachment has been used by
> MDS>     recent viruses or other malware.
> MDS>     If you meant to send this file then please
> MDS>     package it up as a zip file and resend it.

>
>
> Here are sample headers which trigger the incorrect detection above:-
> MDS> Content-Type: message/rfc822;
> MDS>         name="Proof-of-Posting.eml"
> MDS> Content-Disposition: attachment;
> MDS>         filename="Proof-of-Posting.eml"

>
>
> If you want to filter viruses, use a virus scanner. Damaging existing
> services and products by incorrect assumptions as you are now doing is
> not helpful.


It is not a virus scanner. It prevents particular types of content
being delivered. If thats a problem to you then take it up with those
managing the mail server concerned.

> If you want to block emails, you should also provide a contact in the
> rejection notice so the person running the block code can be informed
> by the victims when it is interfering with customer communications.


Up to the person managing the mail server concerned - I'm certainly not
putting my contact details there because it is not my problem.

> Kind Regards,
> Chris Drake
>


Thank you for telling me all the things I should do. I intend to
completely ignore them. Get some real experience of real (not mickey
mouse) mail systems before lecturing.

    Nigel.