Autor: Wakko Warner Data: Para: Giuliano Gavazzi CC: Marc Perkel, Jeff Lasman, exim-users Assunto: Re: [Exim] Blocking phony MS Security update emails
> >Simple for me. No windows, no problem =) I just did that hack to stop them > >wasting my bandwidth. I see no real reason to use exiscan.
>
> I agree, no windows here to, while I cannot say so of my users. But
> people! please remember to trim your replies, as this not only wastes
> bandwidth but also local storage!!
On my end, it's one user.
> Regarding your rule, I imagine you then check at the RCPT phase for
> $sender_address in /etc/exim4/virus_senders saving yourself to get to
> the DATA phase. I can only see one problem here, you might end up
> blocking legitimate users, and not necessarily infected ones.
> Remember that the virus (if it is selfpropagating) might get the
> sender address from the local out-box.
Actually, at MAIL phase. The phrase "didn't care" went there =) It can
block legitimate users. I have excluded specifics from the check anyway. I
also check my rejection logs.
> Also, you have forgotten "Net Recipient" for messages coming from
> "Administrator" <> (SUBJECT: Returned Message: User unknown). They
> usually come in pair here...
I built it from ones I actually received.
--
Lab tests show that use of micro$oft causes cancer in lab animals