Author: Kjetil Torgrim Homme Date: To: John W. Baxter CC: exim-dev Subject: Re: [exim-dev] Exim from mailnull by local "Auto-Submitted:
auto-generated" bounces keep bouncing
On Tue, 2005-06-07 at 11:30 -0700, John W. Baxter wrote: > On 6/7/05 10:40 AM, "Tony Marques" <tymes10@???> wrote:
> > A virus spoofing my domain will send an Exim server a message which
> > will initially accept the message but later tries to bounce the
> > message because it finds the illicit .scr/.pif/.exe attachment, the
> > mailbox is full, no such user or some other problem. So now the Exim
> > server generates and sends a bounce to my server which detects the
> > illicit attachment or forgery and responds with either a
>
> It's more an error in configuration. These days, sending back an entire
> message in a bounce is most unfriendly, since it's so likely to distribute a
> virus to an innocent third party. We cut off our bounce messages at--I
> think--10K. Newer Exims (I forget the transition point) can also be
> configured not to return the body at all).
a bit belated response, but I need to object to this assertion. if you
don't have virus scanning to stop yourself from sending out these worms,
please send the virii intact so that _our_ virus scanner will be able to
recognise and discard them. at least Sophos consider 10K snippets of
virii generally benign -- they can no longer reproduce. they're still
an annoyance to our users, though.
(yes, we're using bogus-warning.cf, and it helps a lot.)
--
Kjetil T.