[SA-exim] Klezmail with forged envelope

[Tim Jackson]

Hi Rick, on Fri, 2 Apr 2004 07:02:33 -0800 you wrote:

> This is rather amusing:  I'm getting chastised by my own MTA, based on a
> Danish MTA trying to send it Klezmail with a forged Return-path.  Is
> there something I can easily tweak in SA-Exim to prevent this effect?

You could easily block incoming mails with your own address as the
envelope sender, using Exim ACLs. Would that do the trick?

However, forgive me if I'm preaching to the converted (you are after all
using SA-Exim so presumably buy the advantages of SMTP-time rejection),
but I think that might be addressing the symptoms rather than the problem
- is the fact that you are generating this mail not an indication that you
yourself are doing the thing which you chastise others for - that is,
generating junk mail? Given that Klez and almost all significant e-mail
viruses fake the sender, if you're sending these bounce messages to the
purported senders (which is presumably why you got one) then you are
yourself sending junk mail to unrelated third parties, and what you just
did to yourself is only a fraction of what you're doing to others. In that
case, you need to address the general problem, by not generating bounces
if you can possibly avoid it. (precisely what SA-Exim helps with, in the
case of spam detected by SpamAssassin, at least)

Can you not use Exiscan with ClamAV or something and reject the viruses at
SMTP time?


Tim