Re: [exim] Content scanning and non-MIME messages

2019-09-24 Thread Heiko Schlittermann via Exim-users
Ian Zimmerman via Exim-users (Tue 24 Sep 2019 15:53:27 EDT):
>
> Ok, never mind. I'll just enhance my module to read the body from
> $message_body if necessary. Even now, I never read the entire MIME

The message_body does not contain the full message body. I believe there is a related option.

Re: [exim] Content scanning and non-MIME messages

2019-09-24 Thread Heiko Schlittermann via Exim-users
Ian Zimmerman via Exim-users (Tue 24 Sep 2019 14:43:52 EDT):
> On 2019-09-24 13:51, Heiko Schlittermann wrote:
>
> > Isn't that well defined enough?
> > /scan//.eml
> >
> > It gets created on the first malware condition.
> Are you sure?

No, as always, I'm not sure :)

> I have no malware=

Re: [exim] Content scanning and non-MIME messages

2019-09-24 Thread Ian Zimmerman via Exim-users
On 2019-09-24 11:43, Ian Zimmerman wrote:
> I have no malware= condition in my configuration now. I had one until
> yesterday, but for a different and unrelated purpose, and I removed
> it. Nevertheless, my dlexpand module, which is called from the MIME
> acl with $mime_decoded_filename is an

Re: [exim] Content scanning and non-MIME messages

2019-09-24 Thread Ian Zimmerman via Exim-users
On 2019-09-24 13:51, Heiko Schlittermann wrote:
> Isn't that well defined enough?
> /scan//.eml
>
> It gets created on the first malware condition.

Are you sure? I have no malware= condition in my configuration now. I had one until yesterday, but for a different and unrelated purpose, and I

Re: [exim] Content scanning and non-MIME messages

2019-09-24 Thread Heiko Schlittermann via Exim-users
Ian Zimmerman via Exim-users (Tue 24 Sep 2019 13:25:54 EDT):
>
> [1] In the case of the MIME acl, the file name is in
> $mime_decoded_filename. But how can I have the _body_ in a file with a
> well defined name in data acl? That is the "Pudels Kern".

Isn't that well defined enough?

/scan//.eml

Re: [exim] Content scanning and non-MIME messages

2019-09-24 Thread Ian Zimmerman via Exim-users
On 2019-09-24 09:08, Jeremy Harris wrote:
> Don't try to be too clever, it'll break later. Use the interfaces
> provided.

If I use the malware condition, I have to write a whole program to handle the other end. I have a choice:

- Write it in C, and deal with the usual memory management

Re: [exim] Content scanning and non-MIME messages

2019-09-24 Thread Ian Zimmerman via Exim-users
On 2019-09-24 07:10, Heiko Schlittermann wrote:
> > * Additional ACL conditions and modifiers: decode, malware,
> > mime_regex, regex, and spam. These can be used in the ACL that is
> > run at the end of message reception (the acl_smtp_data ACL).
>
> I'll change this, removing the latter

Re: [exim] Unstoppable spam

2019-09-24 Thread Odhiambo Washington via Exim-users
On Tue, 24 Sep 2019 at 14:43, Cyborg via Exim-users wrote:
> On 24.09.19 at 11:07, Odhiambo Washington via Exim-users wrote:
> > 2019-09-23 19:05:01 1iCQpf-0002zI-7B <= benson.ku...@ourdomain.tld
> > H=([127.0.0.1]) [5.61.42.174] I=[41.57.X.X]:587 P=esmtpsa
> >

Re: [exim] Unstoppable spam

2019-09-24 Thread Cyborg via Exim-users
On 24.09.19 at 11:07, Odhiambo Washington via Exim-users wrote:
> 2019-09-23 19:05:01 1iCQpf-0002zI-7B <= benson.ku...@ourdomain.tld
> H=([127.0.0.1]) [5.61.42.174] I=[41.57.X.X]:587 P=esmtpsa
> X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no
> A=plain:benson.ku...@ourdomain.tld S=153471

Re: [exim] Content scanning and non-MIME messages

2019-09-24 Thread Heiko Schlittermann via Exim-users
Ian Zimmerman via Exim-users (Mon 23 Sep 2019 21:29:30 EDT):
>
> Additional ACL conditions and modifiers: decode, malware, mime_regex,
> regex, and spam. These can be used in the ACL that is run at the end
> of message reception (the acl_smtp_data ACL).

Hm. I didn't check the code either.

Re: [exim] Unstoppable spam

2019-09-24 Thread Jeremy Harris via Exim-users
On 24/09/2019 09:40, Jasen Betts via Exim-users wrote:
> On 2019-09-24, Odhiambo Washington via Exim-users wrote:
>
>> Authentication-Results: gw.ourdomain.tld;iprev=fail
>> smtp.remote-ip=5.61.42.174;auth=pass (PLAIN)
>> smtp.auth=benson.ku...@ourdomain.tld;dmarc=skipped
>>

Re: [exim] Unstoppable spam

2019-09-24 Thread Odhiambo Washington via Exim-users
On Tue, 24 Sep 2019 at 11:48, Jasen Betts via Exim-users <exim-users@exim.org> wrote:
> On 2019-09-24, Odhiambo Washington via Exim-users
> wrote:
>
> > Authentication-Results: gw.ourdomain.tld;iprev=fail
> > smtp.remote-ip=5.61.42.174;auth=pass (PLAIN)
> >

Re: [exim] Unstoppable spam

2019-09-24 Thread Jasen Betts via Exim-users
On 2019-09-24, Odhiambo Washington via Exim-users wrote:
> Authentication-Results: gw.ourdomain.tld;iprev=fail
> smtp.remote-ip=5.61.42.174;auth=pass (PLAIN)
> smtp.auth=benson.ku...@ourdomain.tld;dmarc=skipped
> header.from=ourdomain.tld

Is that a standard header? I've not seen exim

Re: [exim] Content scanning and non-MIME messages

2019-09-24 Thread Jeremy Harris via Exim-users
On 24/09/2019 02:29, Ian Zimmerman via Exim-users wrote:
> The text of the spec says: ...
> The .eml extension is a friendly hint to virus scanners that they can
> expect an MBOX-like structure inside that file. The file is created
> when the first content scanning facility is called.
> But

Re: [exim] Unstoppable spam

2019-09-24 Thread Marius Schwarz via Exim-users
Looks like "5.61.42.174" gets spammed via webmail (127.0.0.1) or got hacked and spams via script. Check that system.

On September 24, 2019 7:40:07 AM UTC, Odhiambo Washington via Exim-users wrote:
>Hi all,
>
>One particular account on my server has been used to send spam
>repeatedly.
>I have

Re: [exim] Unstoppable spam

2019-09-24 Thread Sebastian Nielsen via Exim-users
If gw.ourdomain.tld is listed as an authorized relayer in the exim4 config, authentication isn't needed. Check the configuration that relaying is not authorized for gw.ourdomain.tld. The best thing you can do is to restrict so that BOTH an authorized IP *AND* a password are required to be authorized to relay,

[exim] Unstoppable spam

2019-09-24 Thread Odhiambo Washington via Exim-users
Hi all,

One particular account on my server has been used to send spam repeatedly. I have changed the account's password so many times now that I believe this spam is not actually using their password for ASMTP, but probably a hole on the system which I am not able to detect. I am requesting for