Author: Giuliano Gavazzi
Date:
To: patrick-d-1054320284.ecf2f5, exim-users
Subject: Re: [Exim] Blocking fake virus generated "bounces" not caught by Exiscan
The bounces are not fake (if you exclude the possibility of IP
spoofing), rather the messages that caused them had a fake sender
(your address), or you have a virus...
I would investigate.
At 21:08 +0200 2003/05/16, Patrick Starrenburg wrote:
>Dear All
>
>We have a situation with one of the latest viruses where they are sending
>fake "bounces" to our system. We are using Exim 4.20 + Exiscan (ACL mode) to
>block emails with the usual dangerous attachments but with the "bounces", i.e.
>from = <>, Exiscan is not scanning and therefore *not* blocking the emails.
>
>This is from the exim main log (sensitive stuff replaced with XXXX)...
>---
>2003-05-16 17:04:45 19GglD-00072c-9i <= <> H=omr-d03.mx.aol.com
>[205.188.159.1] P=esmtp S=223993
^^^^^ this is a genuine aol address, probably of an outgoing mail relay (omr).