[SA-exim] Klezmail with forged envelope
Rick Moen
rick at linuxmafia.com
Tue Apr 6 22:37:39 PDT 2004
Quoting Tim Jackson (lists at timj.co.uk):

> > users I need to protect from themselves.
>
> My feelings precisely, way back when I first started looking into all this
> stuff (though things have since changed).

[MS-Windows malware:]

> But back then I decided that although it may not harm me, the fact is
> that there *are* viruses around and I don't want the junk in my inbox
> - it may not hurt but it's as bad as spam.

For all practical purposes, it _is_ spam. Thus, precisely, my point:
As far as I can tell, the same SMTP-callout, header-sanity, and
body-text semantics checks effective against other junkmail should catch
idiotic mail directly and indirectly resulting from malware.

I'll defer importing into my system any MS-Windows anti-malware cantrips
(e.g., ClamAV) unless and until they have compelling advantages, on the
above grounds as well as taste and also a desire to avoid unwarranted
system complexity.

Thank you for the reference to your SA bogus-virus-warnings ruleset,
which sounds useful. I haven't yet gotten around to writing Exim4 ACLs
to eliminate arriving-from-elsewhere mail with my own env sender. I
tend to be conservative with mail-system changes when possible, since
screwups can be so painful for myself _and_ my other users (especially
when I'm new to Exim4, and it has so many new features).

Honestly, has nobody on this list yet written and tested such a thing?

[Your own Exim rules:]

> - reject your own domain name(s) given in remote HELOs (this catches a lot
> of recent viral junk)
>
> - use Exiscan to block "bad" extensions
>
> Those alone clean up a lot of rubbish.

Would you do me the favour of posting those, just so I can see a working
model? Thanks.
--
Cheers,
Rick Moen
rick at linuxmafia.com

No trees were destroyed in the sending of this message.
We do concede, though, that a large number of electrons
were terribly inconvenienced.
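
Added example, not part of the original message and not any list member's tested configuration: a sketch of Exim 4 ACLs for two of the checks discussed in this thread, refusing the site's own domain name in a remote HELO and refusing a local envelope sender that arrives from elsewhere. The domain names, host list contents and ACL names are assumptions to be replaced with the site's own.

```exim
# Added example. example.org, mail.example.org and 127.0.0.1 are
# placeholders; the ACL names acl_check_helo / acl_check_mail are assumed.

# --- main configuration section ---
domainlist local_domains    = example.org : mail.example.org
hostlist   relay_from_hosts = 127.0.0.1

acl_smtp_helo = acl_check_helo
acl_smtp_mail = acl_check_mail

# --- ACL section (place after the existing "begin acl" line) ---

acl_check_helo:
  # Our own hosts may legitimately announce one of our names.
  accept  hosts     = +relay_from_hosts

  # Any other host that names itself as one of our domains is refused.
  deny    message   = HELO/EHLO name belongs to this site
          condition = ${if match_domain{$sender_helo_name}{+local_domains}{yes}{no}}

  accept

acl_check_mail:
  # Local hosts and authenticated clients may use local envelope senders.
  accept  hosts         = +relay_from_hosts
  accept  authenticated = *

  # Everyone else presenting a local envelope sender is refused.
  # The null sender used by bounces has no domain, so it is not matched.
  deny    message        = envelope sender is local but the sending host is not
          sender_domains = +local_domains

  accept
```

The envelope-sender rule also refuses mail from local users that an outside alias or forwarding service sends back in with the original envelope sender, so check for such paths before enabling it.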