RE: [Exim] Bombarded by pif attachments

Pàgina inicial
Delete this message
Reply to this message
Autor: Nigel Metheringham
Data:  
A: Segree, Gareth
CC: 'exim-users@exim.org'
Assumpte: RE: [Exim] Bombarded by pif attachments
On Thu, 2003-09-04 at 14:44, Segree, Gareth wrote:
> I have the following in my exim.conf
>
> acl_smtp_rcpt = acl_check_rcpt
>
> begin acl
>
> acl_check_rcpt:
> accept hosts = :
> Etc...
>
> Do I put it after the accept host = :?


No, since the check you want to do (checking for a signature in a
header), cannot be done at RCPT time, as the headers are not received
until the data phase.

To use that check you must create a DATA ACL.

For example, if you do not have a data ACL already you must add the
following into the main configuration section:-
acl_smtp_data = check_message

and then define the ACL:-
  #!!# ACL that is used after the DATA command
  check_message:
        # This checks for defective TZ date header - Common Virus Header
        # Lets log this to the logs
        warn    log_message = DISCARD: MALFORMED DATE HEADER (double Dash on TZ)
                condition = ${if match{$header_date:}{\N\s--\d{4}$\N}{yes}{no}}


        # Now discard it so it doesn't bounce back as a virus sent by our user.
        discard condition = ${if match{$header_date:}{\N\s--\d{4}$\N}{yes}{no}}


    # and by default accept
    accept




    Nigel.
--
[ Nigel Metheringham           Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]