Re: [Exim] Blocking phony MS Security update emails

Author: Giuliano Gavazzi
Date:  
To: Wakko Warner
Cc: exim-users
Subject: Re: [Exim] Blocking phony MS Security update emails
At 1:11 pm -0500 2004/01/09, Wakko Warner wrote:
>> Regarding your rule, I imagine you then check at the RCPT phase for
>> $sender_address in /etc/exim4/virus_senders saving yourself to get to
>> the DATA phase. I can only see one problem here, you might end up
>> blocking legitimate users, and not necessarily infected ones.
>> Remember that the virus (if it is self-propagating) might get the
>> sender address from the local out-box.
>
>Actually, at MAIL phase. The phrase "didn't care" went there =) It can
>block legitimate users. I have excluded specifics from the check anyway. I
>also check my rejection logs.


At MAIL phase? And how do you know that it is not a poor user that by
mistake has been listed and is trying to contact the postmaster?
Other problems of which you are certainly aware (but then I have no
idea why rejecting at MAIL):

1) You lose recipient logging, always useful.

2) You cannot whitelist recipients.

3) It is not RFC compliant (but let this argument out).

but mainly, what's the advantage over RCPT rejection?

Giuliano
--
H U M P H
    || |||
  software


Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/
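
The RCPT-phase alternative argued for above, as an added Exim 4 ACL sketch that is not part of the original message or of either poster's configuration. The ACL name `acl_check_rcpt` and the `+local_domains` list are assumed to follow Exim's default configuration; the file path is the one quoted in the thread.

```conf
# Main section: run the sender check at RCPT time rather than at MAIL time.
# (The MAIL-phase variant under discussion would hang the same "deny senders"
#  statement on acl_smtp_mail, where no recipient is known yet.)
domainlist local_domains = @
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # Recipient whitelist: a wrongly listed sender can still reach the
  # postmaster. This is only possible because the recipient is known here.
  accept  local_parts = postmaster
          domains     = +local_domains

  # Refuse listed senders for every other recipient. The rejection is
  # logged per RCPT command, so the intended recipient appears in the log.
  deny    senders     = /etc/exim4/virus_senders
          message     = Sender address is listed as a virus source; \
                        mail to postmaster is still accepted
          log_message = sender listed in virus_senders

  # Remaining RCPT checks (relay control, verification, ...) follow here.
  accept
```

The final `accept` is a stand-in for the rest of the RCPT ACL and must be replaced by real relay checks before use, otherwise the host accepts mail for any recipient.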