Bouncing viruses / spams with attachments is the same as sending viruses,
it's helping to propogate the virus. Either just return the header, or log
and drop the mail.
In our previous mail server (sendmail, procmail, SA, RAV, ClamAV)
configuration the rules were any incoming email with bad attachment were
logged and dropped. I would process the log daily against our customer email
database, if I got a match a Sales Agent would contact the customer
directly. Reasoning was that if they had a virus either they didn't know (no
up-to-date) virus protection), or their computer was in a mess and sending a
bounce wouldn't help the matter.
Well, that's my 0,02?
Back to the book
Graham
>
>
> The latest spate of viruses has caused someone to ask me if attachements
> should be removed from messages that are returned with bounces.
>
> The problem is that Exim doesn't analyse message bodies in any way.
> Properly sorting out MIME parts isn't trivial, as I understand it.
>
> Three fairly simple things could be done:
>
> 1. An option called bounce_return_body, defaulting TRUE, which, if
> turned off, would cause only the header to be returned in a bounce.
> I suspect few would set it. Should the default be FALSE?
>
> 2. An option called bounce_something which would do a simple job of
> looking for a "boundary" in a Content-type: header, and just return
> up to the second boundary - i.e. return only the first part of a
> message, assuming that it is not an attachment. I'm not all that keen
> on this one, because it is a hack.
>
> 3. The default value of return_size_limit is 100K. It could be reduced
> to, say 10K.
>
> Views?
>
> --
> Philip Hazel University of Cambridge Computing Service,
> ph10@??? Cambridge, England. Phone: +44 1223 334714.
>
>
> --
>
> ## List details at
http://www.exim.org/mailman/listinfo/exim-users Exim details at
http://www.exim.org/ ##
