Re: [Exim] system wide exim filter

Top Page
Delete this message
Reply to this message
Author: Steve C. Lamb
Date:  
To: exim-users
Subject: Re: [Exim] system wide exim filter
--
On Thu, Oct 23, 2003 at 10:27:42PM +0200, Konstantin Kletschke wrote:
> The MS Worms are driving me nuts and I migrated from 3.3.1 to 4.24 on a
> debian with a rather sophisticated mysql setup :)


    I'm presuming you installed exim4-daemon-heavy?


> Now I wonder how to setup y system wide exim4 filder, which kills all
> mails, which look like a worm or virus or even with an attached *exe.


    Well, the easiest way, in my mind, would be to install clamav and use
exiscan-acl (already built into exim4-daemon-heavy) to reject anything clamav
thinks is suspect.  This would be done at SMTP time and while it would not
protect your bandwidth it most certainly would be system-wide and includes
sensible responses to the infected message.  There is an excellent tutorial on
how to get the two to work off of exiscan-acl's page.  It is geared towards
RPMs but frankly after installing clamav with aptitude all I needed it for was
the ACL rules to place into /etc/exim4/conf.d/acl and /etc/exim4/conf.d/main.


--
         Steve C. Lamb         | I'm your priest, I'm your shrink, I'm your
       PGP Key: 8B6E99C5       | main connection to the switchboard of souls.
-------------------------------+---------------------------------------------
--
Content-Description: Digital signature


[ signature.asc of type application/pgp-signature deleted ]
--