Re: [Exim] Blocking phony MS Security update emails

Author: Giuliano Gavazzi
Date:  
To: Wakko Warner
CC: exim-users
Subject: Re: [Exim] Blocking phony MS Security update emails
At 1:11 pm -0500 2004/01/09, Wakko Warner wrote:
>> Regarding your rule, I imagine you then check at the RCPT phase for
>> $sender_address in /etc/exim4/virus_senders saving yourself to get to
>> the DATA phase. I can only see one problem here, you might end up
>> blocking legitimate users, and not necessarily infected ones.
>> Remember that the virus (if it is self-propagating) might get the
>> sender address from the local out-box.
>
>Actually, at MAIL phase. The phrase "didn't care" went there =) It can
>block legitimate users. I have excluded specifics from the check anyway. I
>also check my rejection logs.


At MAIL phase? And how do you know that it is not a poor user that by
mistake has been listed and is trying to contact the postmaster?
Other problems of which you are certainly aware (but then I have no
idea why rejecting at MAIL):

1) You lose recipient logging, always useful.

2) You cannot whitelist recipients.

3) It is not RFC compliant (but let this argument out).

but mainly, what's the advantage over RCPT rejection?

Giuliano
--
H U M P H
    || |||
  software


Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/
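
The RCPT-phase rejection argued for in the message above, as an added Exim 4 ACL fragment that is not from the thread or from either poster's configuration. The ACL names, the `local_domains` definition and the message texts are assumptions; only the `/etc/exim4/virus_senders` path comes from the thread.

```exim
# Main section (constructed for this example)
domainlist local_domains = @

# MAIL-phase variant discussed in the thread, shown disabled for comparison.
# Rejecting here happens before any RCPT command, so the reject log has no
# recipient and no recipient can be exempted.
# acl_smtp_mail = acl_check_mail

acl_smtp_rcpt = acl_check_rcpt

begin acl

# acl_check_mail:
#   deny    message = Sender address is on the local virus sender list
#           senders = /etc/exim4/virus_senders
#   accept

acl_check_rcpt:
  # Recipient whitelist: a listed sender can still reach the postmaster
  # to report that the listing is a mistake.
  accept  local_parts = postmaster
          domains     = +local_domains

  # Same sender list, checked once per recipient. The rejection is logged
  # against the RCPT command, so the intended recipient is recorded.
  deny    message     = Sender address is on the local virus sender list
          log_message = sender listed in virus_senders
          senders     = /etc/exim4/virus_senders

  # Remaining policy (relay control, verification) would follow here.
  accept
```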