Chris Edwards wrote:
> |
> | seen the `helo_*' options in spec.txt already ?
> |
>
> Could be missing something. But haven't found it yet...
>
> Setting helo_verify_hosts checks the HELO string exactly matches the
> reverse DNS of the calling IP, which is *much* stricter. Sadly on today's
> internet this rejects virtually all mail! (perhaps slight exaggeration...)
>
> We simply want to check syntax. The v4 upgrade doc says:
>
> "helo_strict_syntax has been abolished. The default is now to enforce
> strict domain syntax for HELO/EHLO arguments. You can use
> helo_accept_junk_hosts ifyou want to avoid this."
>
> which seems pretty clear. Our helo_accept_junk_hosts is empty so we
> should be enforcing strict syntax. But then 4.10 spec.txt says:
>
> helo_accept_junk_hosts
>
> Exim checks the syntax of HELO and EHLO commands for incoming SMTP mail,
> and gives an error response for invalid data
>
> which I suppose it does. But this is hardly rejecting the mail. Shurely
> it needs to 550 every subsequent RCPT command ?
you could try to check $sender_helo_name in your ACLs, and check it for
validity, maybe with something like that
deny condition = ${if match \
{$sender_helo_name}{\N^[\w.]+\.\w+$\N}{no}{yes}}
message = Junk in HELO detected.
But i don't know if exim will set the $sender_helo_name if the HELO is
rejected.
ciao
