We have a netsvc.eml notice which is sent to the helpdesk if Declude detects a virus in a message from a local user. It uses ONLYSENDIFLOCALSENDER. Problem is with forging viruses. We get notices when an infected INBOUND message forges our domain as the sender (see example below.)
In this case, you may want to either upgrade to the latest beta and add a line "SKIPIFFORGING ON" to the netsvc.eml file (which will automatically skip it for forging viruses), or add the SKIPIFVIRUSNAMEHAS lines from the sender.eml/otherpostmaster.eml files to the netsvc.eml file.
Is there some way to check against Remote IP? I would only need to send the notice if it were (in my case) 172.22.*.*, which won't be forged.
You could do this, too, by adding a line "ONLYSENDIFIP 172.22." to the netsvc.eml file.
-Scott
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
