Re: [Exim] acl for DATA command

Author: Pavel Gulchouck
Date:  
To: Andreas Metzler, exim-users
Subject: Re: [Exim] acl for DATA command
On Tue, Sep 30, 2003 at 08:05:39PM +0200, Andreas Metzler writes:
> On Tue, Sep 30, 2003 at 06:34:19PM +0100, jzaw wrote:
> > On Tuesday, Sep 30, 2003, at 17:25 Europe/London, Nico Erfurth wrote:
> > >>exiscan-acl surely reduces your traffic ... you don't actually get the
> > >>body of the email transferred
>
> >> Hu?
> >> exiscan-acl works AFTER the mail is received, and BEFORE a response
> >> for DATA is sent, so it doesn't reduce your traffic at all.
>
> >> exiscan is made to scan the body of the mail .....
>
> > thanks for correcting my understanding of that
>
> > so, for my clarity, when my mail server issues a
>
> >> acl_check_data:
> >>  deny message = This message contains a nasty evil file extension \
> >>                                 ($found_extension)
> >>        demime = vbe:vbs:vbx:wsf:wsh:exe:com:cmd:shs:hta:bat:scr:lnk:pif

>
> > the exe has _already_ been transferred over to the server here? but is
> > then discarded and the 550 response sent?
>
> Yes. The only way to check whether a message contains an exe attachment
> is to look at it and you cannot do that if you haven't got the message.


Indirect information about attachments can be given from the SIZE switch
in the MAIL command.

> And even if you scanned the message while you were receiving it you
> could not immediately deny the message once you know that it contains
> an exe-attachment. - SMTP does not offer a command to interrupt the
> sending party and if you simply dropped the connection the sending
> side will requeue the mail and try later.


These are the reasons why I accept only messages with SIZE specified
in MAIL commands, and why I need an ACL after DATA (to accept callout
checks and to reject mail with unknown size).

Another solution is to drop the connection if a virus is found and save
a digest of the helo/mail/rcpt contents in order to reject this mail at
the RCPT stage next time. Not easy to configure...

--
                                Lucky carrier,
                                                  Pavel.
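
The drop-and-remember idea from the message above, as an added example that is not part of the original post and is not Exim configuration: a stand-alone Python sketch of a cache keyed on a digest of the HELO/MAIL/RCPT values. The class and function names, the TTL, the reply texts and the case-folding of addresses are all assumptions made for illustration.

```python
import hashlib
import time


def envelope_digest(helo: str, mail_from: str, rcpt: str) -> str:
    """SHA-256 over one (HELO, MAIL FROM, RCPT TO) triple."""
    # Assumption: fold case so a retry with different capitalisation matches.
    parts = [helo.strip().lower(), mail_from.strip().lower(), rcpt.strip().lower()]
    h = hashlib.sha256()
    for p in parts:
        raw = p.encode("utf-8")
        # Length-prefix each field so ("ab", "c") and ("a", "bc") differ.
        h.update(len(raw).to_bytes(4, "big") + raw)
    return h.hexdigest()


class EnvelopeRejectCache:
    """Remembers envelopes whose DATA phase ended in a dropped connection."""

    def __init__(self, ttl_seconds: int = 4 * 3600):
        # The triple does not identify the message itself, so entries must
        # expire or later clean mail from the same sender stays blocked.
        self.ttl = ttl_seconds
        self._expires = {}  # digest -> expiry timestamp

    def record_infected(self, helo, mail_from, rcpts, now=None):
        """Call when the scanner flags the body and the connection is dropped."""
        now = time.time() if now is None else now
        # One entry per recipient: at RCPT time only the recipients seen so
        # far are known, so a digest over the full list could not be checked.
        for rcpt in rcpts:
            self._expires[envelope_digest(helo, mail_from, rcpt)] = now + self.ttl

    def rcpt_decision(self, helo, mail_from, rcpt, now=None):
        """Return the SMTP reply to give at the RCPT stage for this envelope."""
        now = time.time() if now is None else now
        key = envelope_digest(helo, mail_from, rcpt)
        expiry = self._expires.get(key)
        if expiry is None:
            return "250 Accepted"
        if expiry <= now:
            del self._expires[key]  # stale entry, forget it
            return "250 Accepted"
        return "550 Message previously rejected by content scan"
```

The sending side requeues after the dropped connection, so the retry presents the same HELO/MAIL/RCPT values and gets the 550 before DATA is sent again.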