[SA-exim] Klezmail with forged envelope
Rick Moen
rick at linuxmafia.com
Mon Apr 5 13:37:28 PDT 2004
Quoting Tim Jackson (lists at timj.co.uk):
> You could easily block incoming mails with your own address as the
> envelope sender, using Exim ACLs. Would that do the trick?
I certainly hope so. (See also comments below.)
> However, forgive me if I'm preaching to the converted (you are after all
> using SA-Exim so presumably buy the advantages of SMTP-time rejection),
> but I think that might be addressing the symptoms rather than the problem
> - is the fact that you are generating this mail not an indication that you
> yourself are doing the thing which you chastise others for - that is,
> generating junk mail?
You are indeed _so very_ preaching to the converted.
I was not asking _whether_ I should avoid generating reject messages to
the Return-path address in received malware mail: I was asking how best
to avoid doing so.
As Marc knows, I hastily converted a collapsing Debian/Exim3 mail setup
to Exim4 + SA-Exim, and have been very pleased with the general nature
of the latter rig's operations, but keep finding aspects that require
further study and attention.
Judging from Marc's comments, I'm going to have to change from the
exim4-daemon-light package to the -heavy one:
~ $ COLUMNS=120 dpkg -l | grep exim
ii  exim4               4.30-4  An MTA (Mail Transport Agent)
ii  exim4-base          4.30-4  EXperimental Internal Mailer -- a Mail Transport Agent
ii  exim4-config        4.30-4  Debian configuration for exim4
ii  exim4-daemon-light  4.30-4  Lightweight version of the Exim (v4) MTA
ii  exim4-doc-html      4.30-2  Documentation for Exim v4 in html format
ii  eximon4             4.30-4  X monitor for the Exim (v4) mail transport agent
ii  sa-exim             3.1-2   Use spamAssassin at SMTP time with the Exim v4 MTA
And of course I'm behind the curve with SA-Exim itself. <sigh>
> Can you not use Exiscan with ClamAV or something and reject the viruses at
> SMTP time?
It would seem ignominious to have to run a scanner for MS-Windows
malware: I have no clueless-weenie, responsibility-allergic desktop
users I need to protect from themselves. It should be possible to
55x-reject mail with forged envelope headers at SMTP time using Exim4
alone, I would think.
Since this is a standard problem, I would actually have expected there
to be a standard, canned solution already provided in Marc's packages.
Isn't there? Please note that this is _not_ a complaint: SA-Exim 3.1 +
Exim 4.30 was already orders of magnitude smarter and more efficient
than what it replaced.
I'd been putting off the SA-Exim 3.1 -> 4.0 upgrade for lack of time to
catch and respond to any resulting breakage. Now I'll have to add to
that a conversion from exim4-daemon-light to -heavy, reading the
latter's additional docs, and implementing some new Exim ACLs. Should
keep me out of trouble and off the streets! ;->
--
Cheers,                 No trees were destroyed in the sending of this message.
Rick Moen               We do concede, though, that a large number of electrons
rick at linuxmafia.com  were terribly inconvenienced.
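
An added example, not part of the message above or of the SA-Exim packages: one way to write the ACL Tim suggests, rejecting at RCPT time any envelope sender in a local domain unless the client is a relay host or has authenticated. It assumes the local_domains and relay_from_hosts named lists from Exim's stock configuration; the list values and message texts shown are constructed.

```conf
# Added example (not from the thread). Goes in the ACL named by
# acl_smtp_rcpt, before the statements that accept mail for local domains.
# Assumes named lists as in Exim's stock configuration (values constructed):
#   domainlist local_domains    = @
#   hostlist   relay_from_hosts = 127.0.0.1

acl_check_rcpt:

  # Refuse an envelope sender in one of our own domains when the client is
  # neither a host we relay for nor an authenticated submitter. The empty
  # item before +relay_from_hosts matches local SMTP over stdin (-bs).
  # Bounces carry a null sender, which has no domain, so they do not match
  # sender_domains and are unaffected by this rule.
  deny    message        = Sender <$sender_address> uses a local domain, \
                           but this host may not send as that domain
          log_message    = forged local envelope sender
          sender_domains = +local_domains
          !hosts         = : +relay_from_hosts
          !authenticated = *
```

Because the refusal happens during the SMTP dialogue, this host never generates a bounce to the forged address. The rule also refuses legitimate mail that arrives from outside with a local envelope sender, such as forwarders that preserve the sender or users submitting through a third-party relay without authenticating here.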