The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[Exim] Bounce message, but without attachment

Discussion in 'General Discussion' started by Escaflowne, Feb 9, 2005.

  1. Escaflowne

    Escaflowne Active Member

    Joined:
    May 5, 2004
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    PL
    Hello!

    For the last two days, someone was trying to send lots and lots of emails with virus attachments to many email accounts located on our server. But the messages do not get delivered, because clamav is configured to not deliver messages, which have suspicious attachments (.pif, .cpl, .scr and so on). Clamav "catches" these messages, and bounces them back, saying that the attachment may contain a virus, blah blah blah. Ok, that's fine, but I want Exim to send these "bounced messages" without the attachement. How do I configure Exim so he drops the attachment before sending the bounce?
     
  2. dezignguy

    dezignguy Well-Known Member

    Joined:
    Sep 26, 2004
    Messages:
    534
    Likes Received:
    0
    Trophy Points:
    16
    Sending any bounce message back to the from address in spam or viruses is a bad idea... I'd completely block your server if you were sending such bounces to me (I've been DDOS'ed by the bounces sent from both an open relay and the servers the spam was sent to, coming back to a domain I hosted that had several fake addresses forged as the spam's From address) and and many other mail admins would block you as well. It's also a quick and easy way to get on several email blacklists, since you can trigger a spamtrap address with them.

    Read this page for more info:
    http://www.spamcop.net/fom-serve/cache/329.html

    Better to configure your software to reject such unwanted emails during the smtp transaction (with an smtp error code ie 5xx) and let the sending server deal with them.
     
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Actually, it's most likely the system_filter /etc/antivirus.exim if you don't want to use it, disable it. Search on the forums on ways to do that.
     
  4. Escaflowne

    Escaflowne Active Member

    Joined:
    May 5, 2004
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    PL
    OK... How do I do it? :) Some directions would be useful.
     
  5. dezignguy

    dezignguy Well-Known Member

    Joined:
    Sep 26, 2004
    Messages:
    534
    Likes Received:
    0
    Trophy Points:
    16
    well, you haven't really told me what you're running and how you have your system setup...

    But I've been using ASSP (http://assp.sourceforge.net) as my spam/virus filter for a couple years now and when I moved over to using a Cpanel server, I brought it along and integrated it into my cpanel setup. And I didn't bother to check out any alternate way of doing this.

    My observation of exim's antivirus.exim filter (on my server at least) is that it rejects matching emails in the smtp conversation like it should. However, I don't use a separate clamav filter, or any of the clamavconector stuff that cpanel does (ASSP uses the clamav signatures internally). So Clamav is probably what's messing up what it should be doing.

    So, I can't really help you with any further info unless you want to go with ASSP, or drop ClamAV and go back to a vanilla cpanel setup. Read the docx for clamav and see if they have a config setting to help you out... and check out their forums/mailing lists and see if someone can help you.
     
  6. NNNils

    NNNils Well-Known Member

    Joined:
    Sep 17, 2002
    Messages:
    580
    Likes Received:
    0
    Trophy Points:
    16
    Anyone else can give some directions on howto disable dangerous attachments returning to sender on a default cpanel exim setup?
     
  7. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    The answer is still likely to be with my post a couple above.
     

Share This Page