[Exim] rcpt phase ACL against common forgery

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Giuliano Gavazzi
Date:  
À: Exim-users@exim.org
Anciens-sujets: Re: [Exim] Re: ACL's RULE!
Sujet: [Exim] rcpt phase ACL against common forgery
Hello,

I might have not made my point with my previous message in
the "ACL's RULE!" thread, but, apart from the risk of changes
in the headers from yahoo and company, I am not at all happy
with an ACL that does not kick in at RCPT phase.

I have written a simple and primitive rule that applies only
to senders in a restricted domain list. For these users I require
that the EHLO/HELO argument is the real domain of the peer server.
This will also allow the sender to use a different outgoing
server (for instance an hotmail user might want to use their
ISP instead of hotmail.com) as long as these servers identify
themselves "correctly".

deny    sender_domains  = hotmail.com : yahoo.com
        message         = X-Forgery: NOT A $sender_helo_name SERVER (OR TEMPORARY DNS FAILURE)
        condition       = ${if match {$sender_host_name}{.*$sender_helo_name}{no}{yes}}



Now, how can I send a temporary failure 4XX if the $sender_host_name
expand to the null string (DNS failure)?
I see two options: either a "fail" action, that acts like deny, but
sends a 4XX error message, or allow deny to specify the complete error
message, so that I can send a 4XX message myself.

Anyway, with this ACL Carl Miller and his jackpots can go to hell (have
I made my message flagged as spam this way?).

Thanks (since I forgot to thank in my first post)

Giuliano

exim rocks! (and not just because I live in Cambridge)
--
H U M P H
|| |||
software

Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/