Hi, Dominic On Wed, 10 Aug 2011 11:41:36 +0100 in message number <[email protected]>, received here on 10/08/2011 12:57:34, Dominic Benson <[email protected]> said:
> On 10/08/11 11:20, Bill Hayles wrote: > > If that is the case, then it is the webmail configuration that needs > > looking at, and not Exim. > > I agree with regard to spam checking - although there is a case for AV > scanning outbound messages and then bouncing them if necessary. People > do accidentally send infected attachments, after all. That's true. However much I may nag my users to scan their mail on receipt, you can't physically make them. Having read what I wrote, and your reply, then I can see we're in almost total agreement; Exim has a role to play here. > > Regardless of whether it was webmail, the real fix is to protect it from > the original abuse. I agree entirely - hopefully at the point of entry, not exit. > With webmail, it is only as legitimate as authenticated SMTP. The important word being authenticated, but agree. > So it > isn't necessarily unreasonable to have some last-ditch anti-abuse > measures. Or AV. My point was not that the statement is unsafe, rather > that if you wish such messages to be subject to other conditions, they > need to be inserted before it in the ACL. And for a comparative Exim novice (like me?), perhaps the easiest way is simply to remove any accept hosts = automatic acceptance line in exim.conf. I still think that's simply papering over the original crack, which needs fixing, but a last ditch backstop can't be a bad idea. -- This is Spain. We do things differently here! Bill Hayles [email protected] -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
