On Fri, 2004-06-04 at 11:56, Arjen de Korte wrote:
smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, reject
Can't remember why I stopped using smtpd_recipient_restrictions (I think I was still trying out various configurations with content filters, as I use Trend InterScan VirusWall, which always connects as localhost; I have fixed this now with the content_filter=smtp[localhost]:10026 string and editing my master.cf to match this nicely).
Your (quite minimal) configuration will not stop the virus in question, the sender host matches all criteria you listed here. I have no problems in stopping the viruses entering my system (a single RBL in smtpd_client_restrictions is sufficient in case of the 'dip.t-dialin.net' senders), it is the virus warnings from perfectly legitimate systems that are bothering me.
Yup, I started a string about these some months ago (when I needed coffee and a break from users wasting my time by insisting they had a virus as user@somewhere told them so).

[snip my previous]
From: "Barry Gill" <b@rry.co.za>
Date: Thu, 11 Mar 2004 09:40:28 +0200
Message-ID: <PMEJIAOJHLLNGELPDEEIAEJKCBAA.b@rry.co.za>
Subject: [suse-security] Anti-Virus reports

Hello All.

As most of you are technical, you should for the most part be in control of, or have the ear of the person who is in control of your corporate anti-virus solutions.

Please for the sake of the internet can you STOP your servers sending virus notifications to the originators of the message as with today's modern virii 90% of virii use spoofed "from:" addresses.

So, every time some poor person out there with MY name in their address book, or contacts folder gets a virus, I get 3000 messages (as I am sure do most of you on this list at least) telling me that I sent a virus to someone I have never heard of in my life before.

This form of server administration is a very very poor form of security as you are willfully informing people who have possibly never thought of you or your servers before several key steps that it may have taken them some time to figure out.

Things like...

Antigen for Exchange found
ScanMail for Microsoft Exchange took action on the message. The message details were:
Symantec AVF detected an unrepairable
NAV for Microsoft Exchange
etc etc etc.

Sending out mass mailer responses to virii wastes as much resource as coping with the virii themselves.

Stop wasting your and my bandwidth, send reports only to admin, check the headers and if you receive mail from an address or domain often and the headers check out, THEN notify the admin/postmaster of that domain.

I mean please, telling Lucy in the clerks dept about the fact that she is sending virii to somebody she has never met in Luxembourg is only going to cost her time and money as she will call out her IT people to clean her "infected machine".

Sorry about the rant, this is just one of the most annoying things that for some reason no-one ever seems to consider when setting up all this AV stuff.

Barry
[/snip of my previous]
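
An added example, not part of the original message or of any product named in it: a small Python triage pass for inbound antivirus notifications of the kind complained about above, matching the vendor phrases quoted in the message and sending hits to the postmaster queue instead of the user. The domains, sample messages, return labels and the idea that some notifications quote the original Message-ID are assumptions made for illustration.

```python
import re
from email import message_from_string

# Notification phrases quoted in the message above, matched case-insensitively.
AV_RE = re.compile("|".join(re.escape(p) for p in (
    "Antigen for Exchange found",
    "ScanMail for Microsoft Exchange took action on the message",
    "Symantec AVF detected an unrepairable",
    "NAV for Microsoft Exchange",
)), re.IGNORECASE)
# Assumption: some notifications quote the Message-ID of the mail they complain about.
MSGID_RE = re.compile(r"Message-ID:\s*<[^>@\s]+@([^>\s]+)>", re.IGNORECASE)
LOCAL = {"example.org", "mail.example.org"}  # constructed local domains

def body_text(msg, limit=4000):
    """Start of the first text/plain part, decoded leniently."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            try:
                return raw.decode(part.get_content_charset() or "utf-8", "replace")[:limit]
            except LookupError:  # unknown charset label in the notification
                return raw.decode("latin-1")[:limit]
    return ""

def classify(raw_message, local_domains=LOCAL):
    """Return 'deliver', 'postmaster-review' or 'backscatter' for one inbound message."""
    msg = message_from_string(raw_message)
    body = body_text(msg)
    if not (AV_RE.search(msg.get("Subject", "")) or AV_RE.search(body)):
        return "deliver"
    quoted = MSGID_RE.search(body)
    if quoted and quoted.group(1).lower() in local_domains:
        # Quoted Message-ID carries our domain: a hint (not proof) that we sent it.
        return "postmaster-review"
    # Nothing ties the reported mail to us: treat as a reply to a spoofed From:.
    return "backscatter"

# Constructed sample messages, not real traffic.
SAMPLES = {
    "spoofed": "From: av@remote.example\nTo: barry@example.org\nSubject: Symantec AVF detected an unrepairable virus\n\nA message you sent contained a virus.\n",
    "ours": "From: av@remote.example\nTo: postmaster@example.org\nSubject: Virus alert\n\nScanMail for Microsoft Exchange took action on the message. The message details were:\nMessage-ID: <20040311.1234@mail.example.org>\n",
    "normal": "From: lucy@example.org\nTo: barry@example.org\nSubject: Lunch on Friday?\n\nAre you free at noon?\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

Both non-deliver outcomes go to the admin rather than the end user; a quoted Message-ID can itself be forged, so `postmaster-review` only raises the priority of a look at the outbound logs.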