Author: Luca Bertoncello Date: To: Users, Exim Subject: [exim] Very strange problem: E-Mail denied by ACL,
but send via router
Hi list!
I have a very strange problem...
By some E-Mails (no template found) the sender will be notified that the
E-Mail contains a virus, but the recipient receives the E-Mail.
Some words about our configuration: we have three Antivirus (Kasperski,
Avast and ClamAV). If at least one of these programs reports that the
E-Mail is infected, the E-Mail should be rejected.
And it happens in the most cases! But sometimes not...
So I tried with an E-Mail we received yesterday. The E-Mail contains an
encrypted Excel and Avast refused the E-Mail since the file is password
protected (OK, the file is clean, I'm sure of that! And Avast should NOT
refuse the E-Mail, but this is not my problem now).
After that Exim refuse the E-Mail with an error 5xx, but process the
E-Mail with the routers, so that a copy of the E-Mail will reach the
recipient.
I tried with exim -bh. I see:
>>> deny: condition test succeeded in ACL "acl_check_data"
>>> end of ACL "acl_check_data": DENY
>>> unspool_mbox(): unlinking
>>> '/var/spool/exim4/scan/1lEsvz-0001D5-H1/1lEsvz-0001D5-H1-00000'
>>> unspool_mbox(): unlinking
>>> '/var/spool/exim4/scan/1lEsvz-0001D5-H1/1lEsvz-0001D5-H1-00002'
>>> unspool_mbox(): unlinking
>>> '/var/spool/exim4/scan/1lEsvz-0001D5-H1/1lEsvz-0001D5-H1-00001'
>>> unspool_mbox(): unlinking
>>> '/var/spool/exim4/scan/1lEsvz-0001D5-H1/1lEsvz-0001D5-H1.eml' 552-PVC05 - This message contains a virus (Archive is password
protected) -
552 Scanned by Avast
but the somehow exim process the E-Mail further and sends it to my
mailbox...
An important consideration, too: we use Ciphermail to encrypt/decrypt
the E-Mails, so we have two queues and Exim identifies the E-Mails
coming from Ciphermail using the received_port.
It seems that, after "denying" the E-Mail, this will be sent to
Ciphermail and after Ciphermail processed it, it returns to Exim and
will be saved in the Mailbox.
