>do you really want your users to get notified
>of everything your mail system blocks even if they where from bogus
>sources which you have no real way of knowing?
Nope :) It was just an example. Our current software does this, and when a
spammer attack happens, there's no point in even blocking the stuff in the
first place since they get the same # of emails to their acct, and almost as
annoying as spam itself :) I can think of other reasons why I would want to
internally compose a message to be sent. For example, if a user wants an
email to be sent for an SMS alert based on certain criteria (might be done
easier in a router with a redirect driver, but just a thought right now),
etc... Tons of other possibilities as well.
>A perhaps better idea would be to make available to your users the data of
>what was blocked not via email but via another means.
I love that idea! I never thought of making a queryable website for this
sort of thing (I'm gonna steal your idea ok? :)). The only downfall to
scanning logfiles though, is that this will be for a very large userbase (3
mail servers right now with over 3000 domains (15000+ users), then we have
another 6 or more mail servers with a total of probably 12000+ domains and
who knows how many thousands of users). Logging email data will be a HUGE
issue simply because of the serious disk I/O cost, and most importantly, the
disk cost. Even if we rolled logfiles over every hour, we're talking tons,
upon tons of data (and I don't want to go for skimpy log data, that's
usually just useless). It might be a bit better if we have lots of servers
in a load balanced cluster, but they would each still generate quite a bit
of data (the 3 servers mentioned before generate about 10mb/hr each server?
Maybe more).
For that reason I was hoping I could skip having to parse log files, and
just have data like that inserted on the fly as exim sees it come in.
>Remember you can say what is true or false. Or in this case, true true.
Doh! I totally didn't think of that! I'll give it a shot... Now just to
see if it's possible to have multiple condition = statements in a line
(incase I need to do multiple inserts or what have you) :)
Thanks for the feedback Kevin!
Eli.
-----Original Message-----
From: exim-users-admin@??? [
mailto:exim-users-admin@exim.org] On Behalf
Of Kevin Reed
Sent: Thursday, January 15, 2004 12:14 AM
To: exim-users@???
Subject: RE: [Exim] Creating a message for delivery based off of an action
in an ACL
Eli said:
>>DENY is the correct thing to do or Discard... but bounce...
>
> ... I want to deny the message and send an email to MY users (the
> recipients; obviously not faked, since my mail server received the
> message!) telling them that they were SENT a virus.
Not too far in the distant past there was a huge flurry of faked
sender/receiver spam/virus messages who's intent appeared to be simply to
clog up the mail system... do you really want your users to get notified
of everything your mail system blocks even if they where from bogus
sources which you have no real way of knowing?
Many are still getting tons of these.
However, I think a lot of people don't realize how much data is in the
exim log files...
A perhaps better idea would be to make available to your users the data of
what was blocked not via email but via another means.
I just implemented a system where the failed messages (parsed from system
logs) are collected daily and stored in a small database. The users can
now via an internal web page, query their email address and see what was
denied being sent to them.
Since the logs contain the host, apparent From user, Subject ,date time...
it makes it easy for a user to see if they have real mail arriving that is
being blocked by accident. They can then inform the help desk of who the
sender is and a temporary whitelist can take place or a correction to the
senders problem can be resolved.
While it doesn't get them the failed message, it takes the burden off the
Help Desk when people thing they are having mail for them blocked.
This way the user doesn't get tons of messages telling them what they
didn't get most of which they don't want to know anyway and they can look
for the info if they need it.
>>You can easily do this and the other things you asking for below with a
>>system filter
>
> Hrm, I remember checking up on filter syntax, and it seemed to be much
> more limited than what I could do in ACLs (but maybe I should check
> again...).
Exim is very flexible... sometimes you have to think outside the box...
While the filter is not the ACL... In your ACL you can set a special
header as as flag... in the system filter look for the flag and act on it
removing the flag afterwards..
There are other solutons too as I'm sure we will hear.
>>condition = ${run ...
>
> I'm not sure how condition = would work if I issued an SQL INSERT command
> -
> would it consider it true, or false? Besides, I want the outcome to have
> *no* bearing on what is going to be done. I just want my command (really
> an SQL query, so run doesn't work for me) executed and it's output
> ignored completely.
So treat the result as always true no matter what the real result is and
you have what you are looking for. Remember you can say what is true or
false. Or in this case, true true.
--
Kevin W. Reed - TNET Services, Inc.
Unoffical Exim MTA Info Forums -
http://exim.got-there.com/forums
--
## List details at
http://www.exim.org/mailman/listinfo/exim-users Exim
details at
http://www.exim.org/ ##
---
[This E-mail scanned for viruses]
---
[This E-mail scanned for viruses]
