Hello,
i can read in the exim documentation that (for the verb "drop" in acl) :
"There is no difference between deny and drop for the connect-time ACL.
The connection is always dropped after sending a 550 response."
but after some bad experience (mail dropped receive again and again) i
discovered that drop is closing connection WHITOUT sending 550 response
before closing.
the part of my configuration concerned is :
acl_check_data:
... (some other tests)
# virus scanner
drop message = This message contains a virus or other harmful content
($malware_name)
demime = *
malware = */defer_ok
this is what i can read in my log from a mailer trying to send a virus to
the mailer with "drop" configuration :
2004-05-14 10:59:53 senderemail@address <emailadress@emailaddress>
T=remote_smtp defer (-19): Remote host mymailer.domain.com [x.x.x.x]
closed connection after end of data
and this what i have when i'm trying to send "virus" to the mailer with
drop configured :
# telnet mailer 25
Trying x.x.x.x...
Connected to mailer.
Escape character is '^]'.
220 mailer ESMTP Exim 4.33 Thu, 13 May 2004 16:39:58 +0200
HELO me
250 mailer Hello me [x.x.x.x]
MAIL FROM: from@address
250 OK
RCPT TO: to@address
250 Accepted
DATA
354 Enter message, ending with "." on a line by itself
From: from@address
To: to@address
Subject: test virus
(eicar string. mailer's list don't like it :-)
.
Connection closed by foreign host.
and the same mailer with the "deny" verb (instead of "drop" verb).
# telnet mailer 25
Trying x.x.x.x...
Connected to mailer.
Escape character is '^]'.
220 mailer ESMTP Exim 4.33 Thu, 13 May 2004 16:39:58 +0200
HELO me
250 mailer Hello me [x.x.x.x]
MAIL FROM: from@address
250 OK
RCPT TO: to@address
250 Accepted
DATA
354 Enter message, ending with "." on a line by itself
From: from@address
To: to@address
Subject: test virus
(eicar string. mailer's list don't like it,again :-)
.
550-This message contains a virus or other harmful content
550 (Eicar-Test-Signature)
QUIT
221 mailer closing connection
Connection closed by foreign host.
So, is it a big bug of drop verb, or a misconfiguration ?
version of my mailer :
mailer # exim4 -bV
Exim version 4.33 #1 built 12-May-2004 13:46:01
Copyright (c) University of Cambridge 2004
Berkeley DB: Sleepycat Software: Berkeley DB 3.2.9: (April 7, 2002)
Support for: iconv() IPv6 PAM Perl GnuTLS
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb
dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram
redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Contains exiscan-acl patch revision 20 (c) Tom Kistner
[
http://duncanthrax.net/exiscan/]
Configuration file is /var/lib/exim4/config.autogenerated
I used the debian package found here :
# exim4 backports
deb
http://www.logic.univie.ac.at/~ametzler/debian/exim4manpages/ woody/
deb
http://www.logic.univie.ac.at/~ametzler/debian/gnutls/ woody/
on a woody server.
If you need other information/part of my configuration let me know. it is
really important that the drop send 550 message before clossing socket.
thanks for your help.
Jean-Louis.
PS : my english is far to be perfect. i hope you will excuse all mistakes
:-)
