[Exim] helo_try_verify_hosts and no helo command

Author: Patrice Fournier
Date:  
To: exim-users
Subject: [Exim] helo_try_verify_hosts and no helo command
Hi all,

According to spec.txt:
If "helo_verify_hosts" or "helo_try_verify_hosts" is set, Exim
refuses to accept messages from hosts that match either of them,
unless a HELO or EHLO command is received before the MAIL command.
Otherwise, MAIL commands are rejected with a 550 error.

Yet, setting helo_try_verify_hosts = * still allows someone to send no
HELO command before sending MAIL or even send a HELO which doesn't pass
the syntax check and gets rejected but still continue with the MAIL
command which is accepted. I've seen a couple of spammers using a literal
"HELO $domain" which gets rejected still able to send their mail because
their software does not even look at the response to HELO and continues
with the other commands.

To comply with spec.txt, smtp_in.c line 2110 should be changed (btw, using
4.05) from
    if (helo_required && !helo_seen)
to
    if ((helo_required || helo_verify) && !helo_seen)


And, I believe MAIL should be rejected also if HELO was tried but rejected
even without helo_required or helo_verify...

--
Patrice Fournier
pfournier@???
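
Added example, not part of the original message and not Exim source: a small C model of the MAIL gate that compares the condition quoted from 4.05 with the one proposed above. Only the flag names helo_required, helo_verify and helo_seen come from the post; the struct, the function names, the simplified HELO syntax check and the 501 reply code are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>

/* Model only. Flag names are from the post; their meanings are assumed. */
struct session {
    bool helo_required; /* assumed: host matched helo_verify_hosts */
    bool helo_verify;   /* assumed: host matched helo_try_verify_hosts */
    bool helo_seen;     /* set only when a HELO/EHLO was accepted */
};

/* Assumed, simplified syntax check: non-empty, [A-Za-z0-9.-] only. */
static bool helo_syntax_ok(const char *arg) {
    if (*arg == '\0') return false;
    for (; *arg; arg++)
        if (!isalnum((unsigned char)*arg) && *arg != '-' && *arg != '.')
            return false;
    return true;
}

/* A rejected HELO leaves helo_seen false; the client may ignore the reply. */
static int handle_helo(struct session *s, const char *arg) {
    if (!helo_syntax_ok(arg)) return 501; /* assumed reply code */
    s->helo_seen = true;
    return 250;
}

/* MAIL gate: condition as quoted from 4.05, or as proposed in the post. */
static int handle_mail(const struct session *s, bool proposed) {
    bool need_helo = proposed ? (s->helo_required || s->helo_verify)
                              : s->helo_required;
    return (need_helo && !s->helo_seen) ? 550 : 250;
}

/* Run one session; helo_arg == NULL means the client sent no HELO at all.
   Returns the reply code given to MAIL. */
int run_session(bool required, bool verify, const char *helo_arg, bool proposed) {
    struct session s = { required, verify, false };
    if (helo_arg != NULL) (void)handle_helo(&s, helo_arg); /* reply ignored */
    return handle_mail(&s, proposed);
}

int main(void) {
    /* Constructed inputs: a host matching only helo_try_verify_hosts. */
    const char *cases[] = { NULL, "$domain", "mail.example.org" };
    for (int i = 0; i < 3; i++)
        printf("HELO %-18s original=%d proposed=%d\n",
               cases[i] ? cases[i] : "(none)",
               run_session(false, true, cases[i], false),
               run_session(false, true, cases[i], true));
    return 0;
}
```

With neither flag set, a rejected HELO followed by MAIL is still accepted in this model, which is the further case raised in the last paragraph of the message.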