On 10/08/11 02:17, Drav Sloan wrote:
> The Doctor wrote:
>>> You should probably read your acls, as I imagine one rule in there is
>>> accepting them wholesale. Exim only does what Exim is told to do.
> [snip]
>
> Have you tried exim -d -bh<ip of server>
>
> and looked at that?
>
> My money is, however, on the accept statement for relay_from_hosts, which
> then short circuits all other spam / virus checks. Also you probably
> should look at plugging the hole on your web server so the spam can not
> be injected in the first instance.
>
> D.
>
Depending on how the mail was initiated, it could be
accept hosts = :
which, IIRC, accepts mail that was not received over SMTP.
I agree with the above, though. Stopping it being input in the first
place is the real fix.
AV scanning outbound is fine/good, spam scanning is trickier:
for a start you're going to miss out on the RBL lookups, and FPs are
more troublesome.
Rate-limiting outbound mail might be a useful damage limitation step,
though.
