Author: Dominic Benson Date: To: exim-users Subject: Re: [exim] exim subjecting outbound e-mail to spamd and virus
On 10/08/11 11:20, Bill Hayles wrote: > Hi, Dominic and The Doctor
>
> On Wed, 10 Aug 2011 10:23:43 +0100 in message number<4E424E1F.6060608@???>, received here on 10/08/2011 11:47:16, Dominic Benson<dominic@???> said:
>
> The Doctor wrote
>
>> someone hijecked www to senjd thousands of spam and exim did not drop it
> Perhaps The Doctor could expand on that. If he means that thousands of
> spam were sent via his webmail program, then the normal condition is for
> them to be accepted unconditionally as webmail users are assumed
> legitimate, having had to log on.
>
> If that is the case, then it is the webmail configuration that needs
> looking at, and not Exim.
I agree with regard to spam checking - although there is a case for AV
scanning outbound messages and then bouncing them if necessary. People
do accidentally send infected attachments, after all.
Regardless of whether it was webmail, the real fix is to protect it from
the original abuse. >> Depending on how the mail was initiated, it could be
>>
>> accept hosts = :
> But that is normally safe (I certainly have it) as you assume anything
> not sent by TCP/IP, i.e. originating from 127.0.0.1 is legitimate.
> If it isn't, then again, trying to configure Exim to fix the problem
> isn't, IMHO, the right way to go about it With webmail, it is only as legitimate as authenticated SMTP. So it
isn't necessarily unreasonable to have some last-ditch anti-abuse
measures. Or AV. My point was not that the statement is unsafe, rather
that if you wish such messages to be subject to other conditions, they
need to be inserted before it in the ACL.
