On 10/08/11 11:20, Bill Hayles wrote:
Hi, Dominic and The Doctor
On Wed, 10 Aug 2011 10:23:43 +0100 in message number<[email protected]>,
received here on 10/08/2011 11:47:16, Dominic Benson<[email protected]> said:
The Doctor wrote
someone hijecked www to senjd thousands of spam and exim did not drop it
Perhaps The Doctor could expand on that. If he means that thousands of
spam were sent via his webmail program, then the normal condition is for
them to be accepted unconditionally as webmail users are assumed
legitimate, having had to log on.
If that is the case, then it is the webmail configuration that needs
looking at, and not Exim.
I agree with regard to spam checking - although there is a case for AV
scanning outbound messages and then bouncing them if necessary. People
do accidentally send infected attachments, after all.
Regardless of whether it was webmail, the real fix is to protect it from
the original abuse.
Depending on how the mail was initiated, it could be
accept hosts = :
But that is normally safe (I certainly have it) as you assume anything
not sent by TCP/IP, i.e. originating from 127.0.0.1 is legitimate.
If it isn't, then again, trying to configure Exim to fix the problem
isn't, IMHO, the right way to go about it
With webmail, it is only as legitimate as authenticated SMTP. So it
isn't necessarily unreasonable to have some last-ditch anti-abuse
measures. Or AV. My point was not that the statement is unsafe, rather
that if you wish such messages to be subject to other conditions, they
need to be inserted before it in the ACL.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
