[Exim] Re: [exiscanusers] Flase Positives with Trend intersc…

Pàgina inicial
Delete this message
Reply to this message
Autor: Tom Kistner
Data:  
A: barrulus, exiscanusers, exim-users
Assumpte: [Exim] Re: [exiscanusers] Flase Positives with Trend interscan and Trend Spam Prevention
barrulus wrote:

> I use exiscan on all my exim mail servers and have had huge problems today
> with three of the major consumer ISP's in south africa rejecting any mail
> moving through any of my servers because of the X-scanner: exiscan line in
> the message header.


Someone is currently sending a VERY big wave of spam that includes bogus
X-Scanner: headers with exiscan's signature. The bogus headers look like
this:

X-Scanner: : exiscan for exim4 (http://duncanthrax.net/exiscan/)
*N5k6ECBnWGKt12NarMPIfkmU*

Note the double colon and the fake crypted message ID (there should be
three asterix chars in there)

> I have had to turn exiscan off for the interim until this is resolved, has
> anyone else had this problem and been able to resolve it?


I guess these postmasters reject mails on grounds of these spam
characteristics. They can fine tune their checks to look for the double
colon, then everything should be OK.

Feel free to forward this message to them if you want to.

regards,

/tom

--
Tom Kistner <tom@???> http://duncanthrax.net

-* US Army - where the bombs are smarter than the troops. *-