[SA-exim] Klezmail with forged envelope

Marc MERLIN marc at merlins.org
Fri Apr 2 08:36:38 PST 2004


On Fri, Apr 02, 2004 at 07:02:33AM -0800, Rick Moen wrote:
> This is rather amusing:  I'm getting chastised by my own MTA, based on a
> Danish MTA trying to send it Klezmail with a forged Return-path.  Is
> there something I can easily tweak in SA-Exim to prevent this effect?
 
Mmmh, this sounds more like a job for exiscan-acl, which you have in
exim-daemon-heavy in Debian.
You could write SA rules to force virus emails to be found as spam and
rejected, but exiscan-acl would just do a better job by default.

>   rick at linuxmafia.com
>     This message has been rejected because your message
>     looks like you are infected by the Klez Virus and you
>     are spamming us and wasting our resources as a result
>     and your system is spamming us because you are infected.
>     If you have to use windows, you should at least not
>     use outlook.
>     It is inherently insecure;
>     you are generating lots of wasted bandwidth, as well as
>     support headackes by using it, and you are jeopardizing
>     Please seriously consider using another mail client

This message looks very familiar :)
Yeah, in the exim3 days, it was better than nothing.
Nowadays, it's a bit obsolete and it's all about doing it at SMTP time
(which the system_filter hacks don't do).

Marc

PS: Yes, I know, I still run those myself, I've just been lazy and don't
receive enough viruses that make it through my helo/callback checks to
bother
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/   |   Finger marc_f at merlins.org for PGP key
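
What rejecting at SMTP time looks like with exiscan-acl, as an added example that is not part of the original post or of SA-Exim itself; the scanner socket path, the ACL name and the rejection wording are assumptions. Because the DATA ACL answers 5xx before the message is accepted, the receiving MTA never generates a bounce to the forged Return-path.

```exim
# Fragment to merge into an existing Exim 4 configuration built with
# exiscan-acl (content scanning) support.

# --- main configuration section ---
# Assumption: clamd is listening on this local socket; adjust the scanner
# type and path to match the installed virus scanner.
av_scanner = clamd:/var/run/clamav/clamd.ctl

# Run the ACL below after the message body has been received,
# while the SMTP connection is still open.
acl_smtp_data = acl_check_data

# --- ACL section (merge under the existing "begin acl") ---
acl_check_data:
  # Refuse the message if the scanner flags any malware. The sending host
  # receives the 5xx reply directly; nothing is queued locally, so no
  # delivery failure report is mailed to the (possibly forged) envelope sender.
  deny    message = This message contains malware ($malware_name)
          malware = *

  # Everything else is accepted and continues through normal routing.
  accept
```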


