Hi there,
Actually I got a lot of spam on my mailers.
The stuff is that the same helo string is used, a fake yahoo one.
For example:

    Received: from yahoo.com (unknown [aaa.bbb.ccc.ddd])

Thus I wrote a director that filters this helo string and rejects it if
the sender's IP does not match the helo string. Data are fetched into
DBM files.

I got /etc/exim/helo_reject that contains a list of rejected helo strings
and a file path to another dbm file that contains the list of authorized
IPs for this helo string.

An example should be clearer:

/etc/exim/helo_reject:

    domain1.com: /etc/exim/helo_accept/d/o/m/domain1.com
    foobar.org: /etc/exim/helo_reject/f/o/o/foobar.com
    [...]

/etc/exim/helo_accept/d/o/m/domain1.com:

    123.234.2.1

/etc/exim/helo_reject/f/o/o/foobar.com does not exist (I do not want
foobar.org as a helo string).

This means: I block both "domain1.com" and "foobar.org" in the helo
string. But I accept "domain1.com" for host 123.234.2.1.

I defined a macro that fetches the name of the IP list file:

    # Look up the lowercased HELO name; yields the path of its IP list file
    HELO_ACCEPT_FILE = ${lookup {${lc:$sender_helo_name}} lsearch \
        {/etc/exim/helo_reject}{$value}fail}

The director:

    helo_spamers:
      driver = localuser
      require_files = HELO_ACCEPT_FILE
      # 0 (do not run) if the sender IP is in the list, 1 (black-hole) otherwise
      condition = ${lookup {$sender_host_address} dbm {HELO_ACCEPT_FILE} \
          {0}{1}}
      transport = black_hole

The transport:

    black_hole:
      driver = appendfile
      group = mail
      mode = 0660
      file = /dev/null

My question is:
Is it possible to optimize this a little bit?

- I would rather not set a helo string and a file path in
  /etc/exim/helo_reject. If I could have:

      domain1.com
      foobar.org

  and let exim do the job, it would be great.
- The IP file should only contain IP addresses, no network addresses (not
  CIDR notation, or IP ranges). Is it possible to change to such notations?

TIA
--
Sebastien J. Gross
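
The policy described in the post, modelled in Python as an added example (not part of the original message and not Exim configuration), extended so the per-HELO list may hold CIDR networks as the second question asks. The `192.0.2.0/24` entry, the in-memory `ACCEPT_FILES` dictionary standing in for the files on disk, and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample data in the layout shown in the post.
HELO_REJECT = """\
domain1.com: /etc/exim/helo_accept/d/o/m/domain1.com
foobar.org: /etc/exim/helo_reject/f/o/o/foobar.com
"""

# path -> file content; a missing key models a file that does not exist.
# The /24 line is a constructed CIDR entry, not taken from the post.
ACCEPT_FILES = {
    "/etc/exim/helo_accept/d/o/m/domain1.com": "123.234.2.1\n192.0.2.0/24\n",
}


def parse_helo_reject(text):
    """Parse 'helo-name: path' lines into a dict keyed by lowercased name."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, path = line.partition(":")
        table[name.strip().lower()] = path.strip()
    return table


def parse_networks(text):
    """Accept single addresses and CIDR blocks; a bare IP becomes a /32."""
    return [ipaddress.ip_network(l.strip(), strict=False)
            for l in text.splitlines() if l.strip()]


def helo_verdict(helo, sender_ip, reject_table, files):
    """Return 'pass' or 'reject' for a HELO name and connecting address."""
    path = reject_table.get(helo.strip().lower())
    if path is None:
        return "pass"        # HELO name is not on the policed list
    content = files.get(path)
    if content is None:
        return "reject"      # no allow list: the name is never acceptable
    addr = ipaddress.ip_address(sender_ip)
    if any(addr in net for net in parse_networks(content)):
        return "pass"        # the listed host or network may use this name
    return "reject"          # forged HELO from an unlisted address


TABLE = parse_helo_reject(HELO_REJECT)
```
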