Hi folks,
It looks like a common tactic of modern email viruses is to use
MAILER-DAEMON at the domain of the intended recipient as the sender
address.
When the exiscan content scanner finds a virus in these messages, it
sends a bounce message to the sender, which ends up coming to postmaster
at a local domain, which I have to read.
In my environment, it is never legitimate for hosts outside of the
servers' network to send mail from MAILER-DAEMON at one of the local
domains.
So I'm thinking of adding this to my acl_smtp_rcpt ACL:
# Deny messages from the outside world with MAILER-DAEMON at a local
# domain as the sender address, to weed out messages from virus SMTP
# engines (which have a tendency to use such sender addresses) before
# they reach the content scanner and result in bounce messages that the
# postmaster has to read.
#
deny message = invalid use of sender <$sender_address>
     sender_domains = +local_domains
     hosts = !127.0.0.1/32 : !10.0.0.0/24 : *
     condition = ${if eq \
                   {${lc:$sender_address_local_part}} \
                   {mailer-daemon} \
                   {yes}{no} \
                 }
Comments?
Ciao,
Sheldon.
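
The decision logic of the ACL statement above, modelled in Python as an added example (not part of the original post and not Exim code), so the effect on different envelopes can be checked before deploying it. The local domain names and the sample envelopes are constructed assumptions; the trusted networks are the ones in the post.

```python
import ipaddress

# Constructed stand-ins for the site's +local_domains list (assumption).
LOCAL_DOMAINS = {"example.org", "example.net"}
# Networks the ACL exempts via "!127.0.0.1/32 : !10.0.0.0/24 : *".
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.1/32"),
                ipaddress.ip_network("10.0.0.0/24")]


def acl_denies(client_ip, envelope_sender):
    """Return True when the deny statement would reject this RCPT."""
    # The null sender "<>" used by genuine bounces has no domain, so
    # sender_domains cannot match it and the statement does not apply.
    local_part, sep, domain = envelope_sender.rpartition("@")
    if not sep:
        return False
    # sender_domains = +local_domains (domain matching ignores case)
    if domain.lower() not in LOCAL_DOMAINS:
        return False
    # hosts = !trusted : *  -> matches only hosts outside the trusted nets
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in TRUSTED_NETS):
        return False
    # condition = ${if eq {${lc:$sender_address_local_part}} {mailer-daemon} ...}
    return local_part.lower() == "mailer-daemon"


# Constructed sample envelopes: (client IP, MAIL FROM address)
SAMPLES = [
    ("192.0.2.55", "MAILER-DAEMON@example.org"),     # outside host, local domain
    ("10.0.0.12", "mailer-daemon@example.org"),      # internal server
    ("192.0.2.55", ""),                              # real bounce, null sender
    ("192.0.2.55", "mailer-daemon@elsewhere.test"),  # not a local domain
    ("192.0.2.55", "alice@example.org"),             # different local part
]


def evaluate(samples=SAMPLES):
    """Return the deny decision for each sample envelope, in order."""
    return [acl_denies(ip, sender) for ip, sender in samples]


if __name__ == "__main__":
    for (ip, sender), denied in zip(SAMPLES, evaluate()):
        print(f"{ip:12} <{sender}> -> {'deny' if denied else 'next ACL statement'}")
```

Only the first sample is denied; genuine bounces arriving with the null sender are untouched because all three conditions must match.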