On 2 June 2010 12:58, <[email protected]> wrote: > Quoting [email protected]: > >> Ok, >> >> think Ive got it >> >> with protocol spam-scanned and my dumb mail config accepts the mails >> without spam checking them. What I can do is change the spam-scanned >> string to some other value > > I changed the value of spam-scanned to spam-scannedukgsa and within a > few minutes a spam mail arrived with "P=spam-scannedukgsa" (this is in > the logs). I wonder how they do that, it must be an exploit of some > time. > Anyway, if theres no easy way to sort this then it may require a total > reconfiguration of spam handling in the config as suggested :(
Before you reconfigure it, it would be as well to understand how it works. >From the details you've provided, it seems you have a config that scans incoming spam (perhaps with mailscanner, which is commonly configured this way) via an exim local delivery, and re-injects the message into Exim for final delivery with a protocol of 'spam-scanned'. The 'P=' line in your log shows the re-injections. 'They' didn't do anything (it's not something that comes in the SMTP transaction or payload, so 'they' couldn't). 'You' set that protocol on the re-injection so that your router condition could pick it up, detect the message has already been scanned, and not scan it again. If a mail that says 'P=spam-scanned' is spam by your definition, then it's the configuration of the spam scanner that's wrong, not Exim. All Exim knows is that the scanner said it has been scanned - it's not involved in the scanning. So I suggest you look at how your scanner is configured before hacking around with the Exim config - your original router looked sane, what it said in plain language is to send every message for scanning except those that have already been scanned, and those that arrived via authenticated SMTP (so I presume you want to trust your authenticated users not to send spam). Hope this helps. Peter -- Peter Bowyer Email: [email protected] Follow me on Twitter: twitter.com/peeebeee -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
