[Exim] Bounce message, but without attachment

[Escaflowne]

Hello!

For the last two days, someone was trying to send lots and lots of emails with virus attachments to many email accounts located on our server. But the messages do not get delivered, because clamav is configured to not deliver messages, which have suspicious attachments (.pif, .cpl, .scr and so on). Clamav "catches" these messages, and bounces them back, saying that the attachment may contain a virus, blah blah blah. Ok, that's fine, but I want Exim to send these "bounced messages" without the attachement. How do I configure Exim so he drops the attachment before sending the bounce?

[dezignguy]

Sending any bounce message back to the from address in spam or viruses is a bad idea... I'd completely block your server if you were sending such bounces to me (I've been DDOS'ed by the bounces sent from both an open relay and the servers the spam was sent to, coming back to a domain I hosted that had several fake addresses forged as the spam's From address) and and many other mail admins would block you as well. It's also a quick and easy way to get on several email blacklists, since you can trigger a spamtrap address with them.

Read this page for more info:
http://www.spamcop.net/fom-serve/cache/329.html

Better to configure your software to reject such unwanted emails during the smtp transaction (with an smtp error code ie 5xx) and let the sending server deal with them.

[chirpy]

Actually, it's most likely the system_filter /etc/antivirus.exim if you don't want to use it, disable it. Search on the forums on ways to do that.

[Escaflowne]

[...] Better to configure your software to reject such unwanted emails during the smtp transaction (with an smtp error code ie 5xx) and let the sending server deal with them.

OK... How do I do it? Some directions would be useful.

[dezignguy]

well, you haven't really told me what you're running and how you have your system setup...

But I've been using ASSP (http://assp.sourceforge.net) as my spam/virus filter for a couple years now and when I moved over to using a Cpanel server, I brought it along and integrated it into my cpanel setup. And I didn't bother to check out any alternate way of doing this.

My observation of exim's antivirus.exim filter (on my server at least) is that it rejects matching emails in the smtp conversation like it should. However, I don't use a separate clamav filter, or any of the clamavconector stuff that cpanel does (ASSP uses the clamav signatures internally). So Clamav is probably what's messing up what it should be doing.

So, I can't really help you with any further info unless you want to go with ASSP, or drop ClamAV and go back to a vanilla cpanel setup. Read the docx for clamav and see if they have a config setting to help you out... and check out their forums/mailing lists and see if someone can help you.

[NNNils]

Anyone else can give some directions on howto disable dangerous attachments returning to sender on a default cpanel exim setup?

[chirpy]

The answer is still likely to be with my post a couple above.