Re: [exim] exim subjecting outbound e-mail to spamd and viru…

Top Page
Delete this message
Reply to this message
Author: The Doctor
Date:  
To: Dominic Benson
CC: exim-users
Subject: Re: [exim] exim subjecting outbound e-mail to spamd and virus checks
On Wed, Aug 10, 2011 at 10:23:43AM +0100, Dominic Benson wrote:
> On 10/08/11 02:17, Drav Sloan wrote:
>> The Doctor wrote:
>>>> You should probably read your acls, as I imagine one rule in there is
>>>> accepting them wholesale. Exim only does what Exim is told to do.
>> [snip]
>>
>> Have you tried exim -d -bh<ip of server>
>>
>> and looked at that?
>>
>> My money is, however, on the accept statement for relay_from_hosts, which
>> then short circuits all other spam / virus checks. Also you probably
>> should look at plugging the hole on your web server so the spam can not
>> be injected in the first instance.
>>
>> D.
>>
> Depending on how the mail was initiated, it could be
>
> accept hosts = :
>
> which, IIRC, accepts mail that was not received over SMTP.


Good start

>
> I agree with the above, though. Stopping it being input in the first place
> is the real fix.
> AV scanning outbound is fine/good, spam scanning is trickier:
> for a start you're going to miss out on the RBL lookups, and FPs are more
> troublesome.
>
> Rate-limiting outbound mail might be a useful damage limitation step,
> though.
>


How would you rate limit?

>
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>
>
> --
> This message has been 'sanitized'. This means that potentially
> dangerous content has been rewritten or removed. The following
> log describes which actions were taken.
>
> Sanitizer (start="1312968368"):
>  Split unusually long word(s) in header.
>  SanitizeFile (filename="unnamed.txt", mimetype="text/plain"):
>    Match (names="unnamed.txt", rule="2"):
>      Enforced policy: accept

>
> Total modifications so far: 1
>
>
> Anomy 0.0.0 : Sanitizer.pm
> $Id: Sanitizer.pm,v 1.94 2006/01/02 16:43:10 bre Exp $


-- 
Member - Liberal International    This is doctor@??? Ici doctor@???
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! 
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
IT is done!  http://groups.google.com/group/rec.arts.drwho/about