On Tue, 2005-06-07 at 11:30 -0700, John W. Baxter wrote: > On 6/7/05 10:40 AM, "Tony Marques" <[EMAIL PROTECTED]> wrote: > > A virus spoofing my domain will send an Exim server a message which > > will initially accept the message but later tries to bounce the > > message because it finds the illicit .scr/.pif/.exe attachment, the > > mailbox is full, no such user or some other problem. So now the Exim > > server generates and sends a bounce to my server which detects the > > illicit attachment or forgery and responds with either a > > It's more an error in configuration. These days, sending back an entire > message in a bounce is most unfriendly, since it's so likely to distribute a > virus to an innocent third party. We cut off our bounce messages at--I > think--10K. Newer Exims (I forget the transition point) can also be > configured not to return the body at all).
a bit belated response, but I need to object to this assertion. if you don't have virus scanning to stop yourself from sending out these worms, please send the virii intact so that _our_ virus scanner will be able to recognise and discard them. at least Sophos consider 10K snippets of virii generally benign -- they can no longer reproduce. they're still an annoyance to our users, though. (yes, we're using bogus-warning.cf, and it helps a lot.) -- Kjetil T. -- ## List details at http://www.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
