Re: [exim] exim subjecting outbound e-mail to spamd and viru…

Top Page
Delete this message
Reply to this message
Author: The Doctor
Date:  
To: Dominic Benson
CC: exim-users
Subject: Re: [exim] exim subjecting outbound e-mail to spamd and virus
On Wed, Aug 10, 2011 at 11:41:36AM +0100, Dominic Benson wrote:
> On 10/08/11 11:20, Bill Hayles wrote:
>> Hi, Dominic and The Doctor
>>
>> On Wed, 10 Aug 2011 10:23:43 +0100 in message number<4E424E1F.6060608@???>, received here on 10/08/2011 11:47:16, Dominic Benson<dominic@???> said:
>>
>> The Doctor wrote
>>
>>> someone hijecked www to senjd thousands of spam and exim did not drop it
>> Perhaps The Doctor could expand on that. If he means that thousands of
>> spam were sent via his webmail program, then the normal condition is for
>> them to be accepted unconditionally as webmail users are assumed
>> legitimate, having had to log on.
>>
>> If that is the case, then it is the webmail configuration that needs
>> looking at, and not Exim.
>
> I agree with regard to spam checking - although there is a case for AV
> scanning outbound messages and then bouncing them if necessary. People do
> accidentally send infected attachments, after all.
>
> Regardless of whether it was webmail, the real fix is to protect it from
> the original abuse.


Or a trojan script

>>> Depending on how the mail was initiated, it could be
>>>
>>> accept hosts = :
>> But that is normally safe (I certainly have it) as you assume anything
>> not sent by TCP/IP, i.e. originating from 127.0.0.1 is legitimate.
>> If it isn't, then again, trying to configure Exim to fix the problem
>> isn't, IMHO, the right way to go about it
> With webmail, it is only as legitimate as authenticated SMTP. So it isn't
> necessarily unreasonable to have some last-ditch anti-abuse measures. Or
> AV. My point was not that the statement is unsafe, rather that if you wish
> such messages to be subject to other conditions, they need to be inserted
> before it in the ACL.
>


Key word is before.

>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>
>
> --
> This message has been 'sanitized'. This means that potentially
> dangerous content has been rewritten or removed. The following
> log describes which actions were taken.
>
> Sanitizer (start="1312973125"):
>  Split unusually long word(s) in header.
>  SanitizeFile (filename="unnamed.txt", mimetype="text/plain"):
>    Match (names="unnamed.txt", rule="2"):
>      Enforced policy: accept

>
> Total modifications so far: 1
>
>
> Anomy 0.0.0 : Sanitizer.pm
> $Id: Sanitizer.pm,v 1.94 2006/01/02 16:43:10 bre Exp $


-- 
Member - Liberal International    This is doctor@??? Ici doctor@???
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! 
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
IT is done!  http://groups.google.com/group/rec.arts.drwho/about