> Have any acls for exim4 been written to block the latest
> sobig.f virus released today. We've received over 300 of
> them and would like to block at smtp level if possible.

I've noticed lots of them EHLO as "ED". You could check to see if there's a
dot in the HELO name (pretty much all legit mail EHLOs as a FQDN, or is that
FQHN =)
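
    # "match" is an unanchored regex and would also hit any name containing
    # "ED"; "eq" restricts the rule to the exact HELO name.
    drop message   = We do not accept mail of this kind
         condition = ${if eq{$sender_helo_name}{ED}{yes}{no}}
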
You can put this anywhere (almost). I prefer (since this isn't a real MTA and
doesn't attempt to deliver again) to put this in the helo acl. Putting it
in the data acl will simply waste your bandwidth =)
I assume most people prefer to put this in the rcpt acl (but replacing drop
with deny).
--
Lab tests show that use of micro$oft causes cancer in lab animals
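
The HELO checks suggested in the reply above, written out as a HELO-time ACL. This is an added example, not configuration from the original post; the ACL name acl_check_helo, the second rejection message and the use of the relay_from_hosts host list (as defined in Exim's default configuration) are assumptions.

```exim
# Main configuration section: run an ACL when HELO/EHLO is received.
acl_smtp_helo = acl_check_helo

begin acl

acl_check_helo:

  # Exact match on the HELO name reported in the thread. "drop" rejects
  # and closes the connection; at this point no message data has been
  # transferred.
  drop  message   = We do not accept mail of this kind
        condition = ${if eq{$sender_helo_name}{ED}{yes}{no}}

  # HELO name without a dot. Address literals such as [192.0.2.1] or
  # [IPv6:2001:db8::1] are allowed through because an IPv6 literal has
  # no dot. Local clients in relay_from_hosts are exempt, since desktop
  # mail programs often send a short, unqualified name.
  drop  message   = HELO/EHLO name must be a fully qualified host name
        !hosts    = +relay_from_hosts
        condition = ${if match{$sender_helo_name}{\N\.|^\[\N}{no}{yes}}

  accept

# RCPT-time variant mentioned in the reply: the same test with "deny"
# instead of "drop", placed at the top of the existing RCPT ACL.
#
#   deny  message   = We do not accept mail of this kind
#         condition = ${if eq{$sender_helo_name}{ED}{yes}{no}}
```

Checking the configuration with exim -bV and testing a session with exim -bh against a sample client address shows which rule fires before the change goes live.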