Hi Segree,, on Thu, 4 Sep 2003 08:47:44 -0500 you wrote:
> >deny message = This message contains an unwanted file extension \
> > ($found_extension)
> > demime = pif:exe:com:scr:vbs
> What I have done was put this in the system-filter.
> Doesn't this have the same effect.
For you, more or less, although the system filter isn't perfect. However,
the situation isn't the same for the innocent users that you end up
sending the "fail" text to.
PLEASE PLEASE PLEASE stop using Nigel's old system_filter, at least if you
are going to make it send bounces, because otherwise you just end up
basically spamming innocent users (because the sender is fake). With the
recent Sobig outbreak, I had to deal with far more stupid "you sent us a
virus" bounces (to users that were never infected) than the real thing. As
a result I've personally set up filtering to kill off any bounces that
look like they are from an old school Exim system_filter, but the problem
really needs to be stopped at source. Using Exiscan instead of a filter
will significantly reduce the amount of "collateral spam" flying around.
Tim