[Exim] Re: Exiscan 4.10-15

Top Pagina
Delete this message
Reply to this message
Auteur: Tom Kistner
Datum:  
Aan: exim-users
Onderwerp: [Exim] Re: Exiscan 4.10-15
Jeffrey Wheat wrote:

 >     After seeing this behavoir, I am not comfortable anymore. I can see a
 > situation where someone forges a mail header with an exiscan tag and sends
 > a virus. Our mail server sees the tag and allows it to go through without
 > checking? Is this how it works? It seems to be that way as my staging server
 > never checks mail.


Make sure that exiscan_crypt_salt is different on all your machines.

To forge a header, someone must know your exiscan_crypt_salt value, so keep it
secret :)

/tom


--
Tom Kistner <tom@???>
ICQ 1501527 dcanthrax@efnet
http://duncanthrax.net