A week or so ago, I posted a message to show that the use of the ACL that
traps EXE PIF SCR AND COM was saving my system from having to check that
crap with my virus scanner (ClamAV). All of the Swen files coming in were
being caught by the ACL attachment checks and none were even getting to
the virus scanner.
I inserted a copy of my error checking scripts output that looked
something like:
Exim Error Stat Collector - Version 1.0
===============================================================
Obtaining Records for 2003-09-27... 4181 records were found
BLACKLIST Hostname 129
BLACKLIST Sender 0
BOUNCE Attachment 0
BROKEN HELO-EHLO 95
DISCARD VIRUS 0
DISCARD ATTACHMENT 1
EXE ATTACHMENT 1
COM ATTACHMENT 0
PIF ATTACHMENT 0
SCR ATTACHMENT 0
DISCARD MAXSPAM 0
DISCARD TZDATE 0
DROP RBL-ALWAYS 11
HELO MISMATCH 151
HELO OUR SYSTEM 0
HELO OUR IP 116
MARKED AS SPAM 28
MIME ERROR 0
BLACKLIST EXPRESSION 0
RELAYING NOT ALLOWED 5
SPAM BLOCK RBL-LOCAL 181
SPAM BLOCK rDNS ERROR 428
SPAM BLOCK RBL-ANTISPAM 245
SPAM BLOCK RBL-COUNTRY 31
SPAM BLOCK OPEN PROXY 6
SPAM BLOCK RBL-OPENRELAY 380
UNKNOWN USER 468
INVALID HOSTNAME-HELO 69
A number of people sent me notes asking about it and its availability.
I was pretty busy at the time and didn't have time to do a check over
before letting it out.
I've been using it now on 5 different configurations for about a month now
and it has helped me make my case to my boss for why we want to do certain
things and given me an insight into what it is we are blocking.
The script is written in Perl and is quite simple. It works off of a
configuration file that contains the titles and search strings for what I
want to catch.
I've posted it on a new forum that I've setup for Exim related stuff in
the following location:
http://exim.tnet.com/forums/viewtopic.php?t=344
Anyone is welcome to use it and enhance it even if you have time. It
would be neat to have it able to generate MRTG like graphs... pictures
make my boss happy.
As for the forum... this is a bit of an experiment.
I've been using forums for some time as a method of support for my clients
and at work we use one as a knowledge base. It has been very useful and
makes it easy to find things that you need to locate quickly by simply
going to the category that is in what you are looking for.
Sometimes trying to find something in the mailing list articles is hard.
I've setup the forums with Exim related items in mind. They are open to
anyone to view, including the posted material. The only time you need to
register is if you want to add something of your own... If you do choose
to register, It might be a good idea to use the same name you use for the
mailing lists so people know who you are. Search engines are blocked from
that area to protect email accounts and you can hide your email address if
you choose.
I've got a number of snippets of ACL samples etc that I've been collecting
as they flew by on the mailing list that I've got entered into a customer
support forum, that I will transfer over to this one as I get time.
If you have your own special script or some other tool you use with Exim
or something related, you are more than welcome to post your info there.
I will open up a special section for those that have tools like
exiscan-acl etc..
The forums are not intended to replace anything, just provide a place to
post snippets of samples and be easy to find. This is an experiment that
will continue if there is a need for it.
--
Kevin W. Reed - TNET Services, Inc.
Mailing List Account
