Re: [exim] Fake ACCEPT (ahem)

Pàgina inicial
Delete this message
Reply to this message
Autor: Mike Cardwell
Data:  
A: exim users
Assumpte: Re: [exim] Fake ACCEPT (ahem)
Marcin Krol wrote:

>>>> But why would you want to accept and silently discard mail? If the mail
>>>> contains a virus, don't you think it's better that the sender is told so?
>>>>
>>> No! That causes collateral spam! Think faked sender...
>>>
>> Not if you're rejecting during the SMTP transaction, which is I think
>> what was being discussed originally.
>>
> Correct, *but the default clamav message saying so is unreadable*.
> Default clamav reject message is not customizable very much, not enough
> to make it vary and indicate CLEARLY AND IN BIG LETTERS it was phishing
> / it was spam (clamav used to filter out only viruses so it was not a
> problem).
>
> So I need to replace it.
>
> So I need to blackhole the message myself (do accept, not deny) and
> generate another message myself and send it during SMTP time with 5xx code.
>
> This is complicated, nevertheless, this is an optimum solution which I seek.


You're getting the terminology wrong, which is confusing matters. What
you *want* to do is reject during SMTP, and send a rejection message
depending on which signature is matched. You can do this with something
along these lines:

deny malware = *
      message = ${if match{$malware_name}\
                          {\N\.Sanesecurity\.\N}\
                          {Blocked Phishing attempt}\
                          {Blocked Virus}\
                }


That will return "550 Blocked Phishing attempt" if it's a Sanesecurity
signature, and "550 Blocked Virus" otherwise. I don't know if the logic
of: ".Sanesecurity." is phishing and everything else is a virus, is
correct; but the config snippet is a good representation of what you
want to do.

Mike