Hi list!

I have a very strange problem...
For some E-Mails (no template found), the sender is notified that the E-Mail contains a virus, but the recipient receives the E-Mail.

Some words about our configuration: we have three antivirus programs (Kaspersky, Avast and ClamAV). If at least one of these programs reports that the E-Mail is infected, the E-Mail should be rejected.
And it happens in most cases! But sometimes not...

So I tried with an E-Mail we received yesterday. The E-Mail contains an encrypted Excel file and Avast refused the E-Mail since the file is password protected (OK, the file is clean, I'm sure of that! And Avast should NOT refuse the E-Mail, but this is not my problem now). After that, Exim refuses the E-Mail with an error 5xx, but processes the E-Mail with the routers, so that a copy of the E-Mail will reach the recipient.

I tried with exim -bh. I see:

deny: condition test succeeded in ACL "acl_check_data"
end of ACL "acl_check_data": DENY
unspool_mbox(): unlinking '/var/spool/exim4/scan/1lEsvz-0001D5-H1/1lEsvz-0001D5-H1-00000'
unspool_mbox(): unlinking '/var/spool/exim4/scan/1lEsvz-0001D5-H1/1lEsvz-0001D5-H1-00002'
unspool_mbox(): unlinking '/var/spool/exim4/scan/1lEsvz-0001D5-H1/1lEsvz-0001D5-H1-00001'
unspool_mbox(): unlinking '/var/spool/exim4/scan/1lEsvz-0001D5-H1/1lEsvz-0001D5-H1.eml'
552-PVC05 - This message contains a virus (Archive is password protected) -
552 Scanned by Avast

but then somehow Exim processes the E-Mail further and sends it to my mailbox... An important consideration, too: we use Ciphermail to encrypt/decrypt the E-Mails, so we have two queues and Exim identifies the E-Mails coming from Ciphermail using the received_port. It seems that, after "denying" the E-Mail, it is sent to Ciphermail and, after Ciphermail has processed it, it returns to Exim and is saved in the mailbox.

Could someone help me find the problem?

Thanks a lot
Luca Bertoncello
(lucab...@lucabert.de)

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
