Re: [Exim] Bombarded by pif attachments

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Enkidu
Date:  
À: exim-users
Sujet: Re: [Exim] Bombarded by pif attachments
On Thu, 4 Sep 2003 16:52:22 +0200, you wrote:

>On (2003/09/04 08:47), Segree, Gareth wrote:
>
>> >deny    message   = This message contains an unwanted file extension \
>> >                  ($found_extension)
>> >  demime          = pif:exe:com:scr:vbs
>> What I have done was put this in the system-filter.
>> Doesn't this have the same effect.

>
>No. You're not creating bounce messages in response to worm activity,
>which is a Very Bad Thing[TM].
>

I'm not sure what you mean here. Creating bounce messages is NEVER
EVER a good idea. Too many mail admin have set up filters that bounce
messages without considering that almost every worm, virus email or
SPAM email has munged headers and the bounces go to the wrong place.
It's reached a state where we get more invalid bounces than emails
with viruses, worms and SPAM! When you are talking thousands a day
that is a real problem.

I hope that is what you meant. I assume that the "not" should not be
there?

If I have time I send a message to posmaster and abuse at the biggest
offenders and politely ask for them to configure their software to
stop it bouncing invalidly. The ultimate sanction is to block the
Domain. I've not done that *yet*.

Cheers,

Cliff
--

The complete lack of evidence is the surest sign
that the conspiracy is working.