Re: [Exim] System_Filter: Executables Attachment, Executable…

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Tim Jackson
Data:  
Para: exim-users
Asunto: Re: [Exim] System_Filter: Executables Attachment, Executables Links, Script Bytecode, Spy Images
Hi Silmar, on Thu, 25 Sep 2003 11:36:02 -0300 you wrote:

> http://home.grupogsn.com.br/~marca/ftp/exim/system_filter
> Welcome Sujestions


Nice idea, but please don't use it, because as far as I can see it creates
bounce messages for all of these things, thus you will end up sending
collateral spam in the event that inbound messages that are caught have
faked senders. This is particularly bad timing after a month in which
we've seen unprecedented e-mail storms of "you sent us something bad"-type
bounces.

Much of what you're trying to achieve is already possible in a better way
using Exiscan with or without SpamAssassin ( HOWTO at
http://www.timj.co.uk/linux/exim.php ), and for anything that isn't, you
could always cook up some custom SA rules.

If you are going to use this filter despite the above, please can you at
least ensure that all the different kinds of bounce generated have some
unambiguous and never-changing identifier (e.g.
X-Grupogsn-Bad-Stuff-Bounce: ...") so that others (like me) can add it to
our SA rules and filter as spam? I managed to keep some mailboxes usable
during the last storm by blacklisting easily-identifiable bounces from
common software including various AV's and Nigel's old Exim system_filter
script, but the proliferation of custom filters like this makes that
objective more difficult to achieve.


Tim