On 30 Dec 2004 at 10:48, Justin Koivisto wrote about
"[exim] Denying messages":
| I am using
exiscan and
| clamav to do smtp virus scanning, and have the following in
| my data acl:
|
| # Reject messages containing malware.
| deny message = Rejected message contains a virus ($malware_name)
| malware = *
| .ifdef TEERGRUBE
| ~ delay = TEERGRUBE
| .endif
|
| OK, so all is good. However, I think that when the deny message is sent,
| the virus is sent back with it...
Not from this server, it isn't. Rejecting at SMTP time means that it
never accepted the message in the first place - it is not generating
a "bounce" (Delivery Status Notification) message at all.
The MTA that tried to send you the virus may be generating a bounce,
if it is relaying the message, but that's not your problem unless you
also control that server. It may be sending the bounce to your
server, if the (likely forged) original sender address was in your
domain.
| How can I strip the malware from the bounce?
When a DSN is being generated, you should definitely limit the amount
of message body text included. RTFM for "bounce_return_body" and
"bounce_return_size_limit" for exim 4.23 or later, else
"return_size_limit".
| I have a loop going on
| between 2 servers right now - both sending the virus back and forth.
That shouldn't happen in any case. Any DSN should have <> as the
sender, so rejection of the DSN should not cause an additional DSN.
Maybe your log can shed some light on what's really going on?
- Fred
