Hello,
We are setting up Amavis and Clamav to detect credit cards coming into
our email, and it's working. However, it's returning the original email
to the sender, which also contains the credit card numbers. Receiving
the credit card numbers is bad enough, sending them back out again
violates PCI. Is there a way to reject the email without returning the
original email content? Below is a returned email with test numbers as
an example.
Thank you,
Rob McKennon
The mail system
<xxxxxxxxxx <mailto:[email protected]>>: host 127.0.0.1[127.0.0.1]
said: 554 5.7.0 Reject, id=06026-19 - INFECTED:
Heuristics.Structured.CreditCardNumber (in reply to end of DATA command)
Final-Recipient: rfc822;xxxxxxxxxxxxx<mailto:[email protected]>
Original-Recipient: xxxxxxxxxxxxxx <mailto:rfc822%[email protected]>
Action: failed
Status: 5.7.0
Remote-MTA: dns; 127.0.0.1
Diagnostic-Code: smtp; 554 5.7.0 Reject, id=06026-19 - INFECTED:
Heuristics.Structured.CreditCardNumber
---------- Forwarded message ----------
From: xxxxxxxxxxxxxxxxxxxx
To: xxxxxxxxxxxxxxxxxxxxxx
Cc:
Date: Fri, 1 Apr 2016 10:12:42 -0400
Subject: test cc
4111 1111 1111 1111 Exp: 04/17
4012 8888 8888 1881 Exp: 04/17
