Eli said:
>>DENY is the correct thing to do or Discard... but bounce...
>
> ... I want to deny the message and send an email to MY users (the
> recipients; obviously not faked, since my mail server received the
> message!) telling them that they were SENT a virus.
Not too far in the distant past there was a huge flurry of faked
sender/receiver spam/virus messages who's intent appeared to be simply to
clog up the mail system... do you really want your users to get notified
of everything your mail system blocks even if they where from bogus
sources which you have no real way of knowing?
Many are still getting tons of these.
However, I think a lot of people don't realize how much data is in the
exim log files...
A perhaps better idea would be to make available to your users the data of
what was blocked not via email but via another means.
I just implemented a system where the failed messages (parsed from system
logs) are collected daily and stored in a small database. The users can
now via an internal web page, query their email address and see what was
denied being sent to them.
Since the logs contain the host, apparent From user, Subject ,date time...
it makes it easy for a user to see if they have real mail arriving that is
being blocked by accident. They can then inform the help desk of who the
sender is and a temporary whitelist can take place or a correction to the
senders problem can be resolved.
While it doesn't get them the failed message, it takes the burden off the
Help Desk when people thing they are having mail for them blocked.
This way the user doesn't get tons of messages telling them what they
didn't get most of which they don't want to know anyway and they can look
for the info if they need it.
>>You can easily do this and the other things you asking for below with a
>>system filter
>
> Hrm, I remember checking up on filter syntax, and it seemed to be much
> more limited than what I could do in ACLs (but maybe I should check
> again...).
Exim is very flexible... sometimes you have to think outside the box...
While the filter is not the ACL... In your ACL you can set a special
header as as flag... in the system filter look for the flag and act on it
removing the flag afterwards..
There are other solutons too as I'm sure we will hear.
>>condition = ${run ...
>
> I'm not sure how condition = would work if I issued an SQL INSERT command
> -
> would it consider it true, or false? Besides, I want the outcome to have
> *no* bearing on what is going to be done. I just want my command (really
> an SQL query, so run doesn't work for me) executed and it's output
> ignored completely.
So treat the result as always true no matter what the real result is and
you have what you are looking for. Remember you can say what is true or
false. Or in this case, true true.
--
Kevin W. Reed - TNET Services, Inc.
Unoffical Exim MTA Info Forums -
http://exim.got-there.com/forums
