I recently had a situation where a user had a catch-all setup that was
being forwarded to our domain from another server. Needless to say, this
account attracted a lot of spam and virii. Part of our exim.conf file
had this in the data acl:
deny message = $found_extension files are not accepted here
demime = com:vbs:bat:pif:scr
This lead to a situation where an email with a pif attachment was denied
with a 5xx code, and the server that was doing the forwarding sent a
bounce to the local account on their machine, which was then forwarded
back to our system. The bounce included the original mail as an
attachment, so this created a nested attachement. This happened over and
over again in an infinite loop, creating an email with hundreds and
hundreds of nested attachments.
I have therefore changed the deny to discard. Are there any unseen
ramifications for doing this? Do people have ligitmate reasons to send
the above attachments? If they do, then it would be nice if they
received the error message.
