Re: [exim] Fake ACCEPT (ahem)

Top Page
Delete this message
Reply to this message
Author: Marc Perkel
Date:  
To: Marcin Krol
CC: exim users
Subject: Re: [exim] Fake ACCEPT (ahem)


Marcin Krol wrote:
> John Hall pisze:
>
>>>> But why would you want to accept and silently discard mail? If the mail
>>>> contains a virus, don't you think it's better that the sender is told so?
>>>>
>>>>
>>> No! That causes collateral spam! Think faked sender...
>>>
>>>
>> Not if you're rejecting during the SMTP transaction, which is I think
>> what was being discussed originally.
>>
>>
> Correct, *but the default clamav message saying so is unreadable*.
> Default clamav reject message is not customizable very much, not enough
> to make it vary and indicate CLEARLY AND IN BIG LETTERS it was phishing
> / it was spam (clamav used to filter out only viruses so it was not a
> problem).
>
> So I need to replace it.
>
> So I need to blackhole the message myself (do accept, not deny) and
> generate another message myself and send it during SMTP time with 5xx code.
>
> This is complicated, nevertheless, this is an optimum solution which I seek.
>
>


He brings up an interesting idea that I think I'm going to look into.
Clam originally caught viruses and then was extended to phishing and
spam. Yet I and probably most of you return a "malware" message for
everything.

I'm thinking about running Clam in a wan ACL and then parse the message
to give a more descriptive error based on what was caught.