Re: [Exim] Blocking fake virus generated "bounces" not caugh…

Top Page
Delete this message
Reply to this message
Author: Giuliano Gavazzi
Date:  
To: patrick-d-1054320284.ecf2f5, exim-users
Subject: Re: [Exim] Blocking fake virus generated "bounces" not caught by Exiscan
The bounces are not fake (if you exclude the possibility of IP
spoofing), rather the messages that caused them had a fake sender
(your address), or you have a virus...
I would investigate.


At 21:08 +0200 2003/05/16, Patrick Starrenburg wrote:
>Dear All
>
>We have a situation with one of the latest viruses where they are sending
>fake "bounces" to our system. We are using Exim 4.20 + Exiscan (ACL mode) to
>block emails with the usual dangerous attachments but with the "bounces", i.e.
>from = <>, Exisan is not scanning and therefore *not* blocking the emails.
>
>This is from the exim main log (sensitive stuff replaced with XXXX)...
>---
>2003-05-16 17:04:45 19GglD-00072c-9i <= <> H=omr-d03.mx.aol.com
>[205.188.159.1] P=esmtp S=223993


^^^^^ this is a genuine aol address, probably of an outgoing mail relay (omr).

Giuliano