Kevin Reed said:
> [Resend used wrong account]
> I see no indication that I am receiving any of these, yet when I
> attempted to test it with my current ruleset, it snagged it without
> any problem showing that the rules work.
Well I think I just had some show up:
2003-11-03 18:46:12 H=88.111.109.66.dis.net (localhost) [66.109.111.88]
F=<james@???> rejected RCPT <censored@???>:
Sender verify failed
2003-11-03 18:46:41 H=88.111.109.66.dis.net (localhost) [66.109.111.88]
F=<james@???> rejected RCPT <censored@???>:
Sender verify failed
2003-11-03 19:11:12 H=88.111.109.66.dis.net (localhost) [66.109.111.88]
F=<james@???> rejected RCPT <censored@???>:
Sender verify failed
2003-11-03 19:32:26 H=hostdd4e.alcatel.com (localhost) [128.251.221.78]
F=<james@???> rejected RCPT <censored@???>:
Sender verify failed
2003-11-03 20:15:15 H=88.111.109.66.dis.net (localhost) [66.109.111.88]
F=<james@???> rejected RCPT <censored@???>:
Sender verify failed
Not a very good sampling in that all but one came from the same place but
it does show some sort of pattern and explains why it would be possible to
not have any virus detection notices...
Looks like it should be easy to trap for if the pattern is the same
elsewhere... HELO = localhost F= james@$local_domain
All of them are being dropped because of Sender verify though. This would
be before checking for data content. So no virus detection reached.
Feel sorry for anyone with the username of james though...
--
Kevin W. Reed - TNET Services, Inc.
Unoffical Exim MTA Info Forums -
http://exim.got-there.com/forums