Re: [Exim] Blocking phony MS Security update emails

Author: Wakko Warner
Date:  
To: Giuliano Gavazzi
CC: Marc Perkel, Jeff Lasman, exim-users
Subject: Re: [Exim] Blocking phony MS Security update emails
> >Simple for me. No windows, no problem =) I just did that hack to stop them
> >wasting my bandwidth. I see no real reason to use exiscan.
>
> I agree, no windows here too, while I cannot say so of my users. But
> people! please remember to trim your replies, as this not only wastes
> bandwidth but also local storage!!


On my end, it's one user.

> Regarding your rule, I imagine you then check at the RCPT phase for
> $sender_address in /etc/exim4/virus_senders, saving yourself from getting to
> the DATA phase. I can only see one problem here: you might end up
> blocking legitimate users, and not necessarily infected ones.
> Remember that the virus (if it is self-propagating) might get the
> sender address from the local out-box.


Actually, at MAIL phase. The phrase "didn't care" went there =) It can
block legitimate users. I have excluded specifics from the check anyway. I
also check my rejection logs.

> Also, you have forgotten "Net Recipient" for messages coming from
> "Administrator" <> (SUBJECT: Returned Message: User unknown). They
> usually come in pairs here...


I built it from ones I actually received.

--
Lab tests show that use of micro$oft causes cancer in lab animals