Re: [exim] :blackhole:

Top Page
Delete this message
Reply to this message
Author: John W. Baxter
Date:  
To: exim-users
Subject: Re: [exim] :blackhole:
On 3/10/2005 12:44, "list1@???" <list1@???> wrote:

> Hello list!
>
> I've been testing an exim-courier-mysql setup that was created by
> someone else.
> What is the point of the router below, if all the viruses are being
> rejected during
> acl_smtp_mime and acl_smtp_data anyway?


If "all" the virus messages are being rejected earlier, this is likely a
leftover from an earlier time when they weren't. Since as you present the
router, it is commented out and therefore doesn't exist (from Exim's
viewpoint), that would be my guess.

Otherwise, are you sure the rejection isn't conditioned on (1) a single
recipient who wants scanning OR (2) multiple recipients or something like
that?

> Also anything ditched with a router to ":blackhole:" would not get any
> proper notification.
> Would they?


With most viruses having forged sender information these days, many of those
being real addresses, you don't want to notify the sender. You may or may
not want to notify the recipient(s)...if so you need to do something to
cause that to happen. (And, to complicate matters, you may want to give
users the choice of getting the notification, or not.)

--John (who has too much commented out stuff in his own
configs...particularly since they are under source code control and desired
snippets are therefore always available)

>
>
>
> # ditch_malware:
> #   driver = redirect
> #   allow_fail
> #   data = :blackhole:
> #   condition = ${if and { {match {$h_X-ACL-Warn:}{.*malware.*}} \
> #                          {eq {${lookup mysql{select users.on_avscan
> from users,domains \
> #                         where localpart = '${quote_mysql:$local_part}' \
> #                         and domain = '${quote_mysql:$domain}' \
> #                         and users.on_avscan = '1' \
> #                         and users.domain_id=domains.domain_id}}}{1} }}
> {yes}{no} }