Re: [Exim] "CacheFlow Server" and exim4

Top Page
Delete this message
Reply to this message
Author: sharun
Date:  
To: Alan J. Flavell
CC: Exim users list
Subject: Re: [Exim] "CacheFlow Server" and exim4
deny condition = ${if eq{$sender_ident}{squid}{yes}{no}}
          message       = Hacked proxy ? Go away!


  deny    condition = ${if eq{$sender_ident}{CacheFlow Server}{yes}{no}}
          message       = Hacked proxy ? Go away!



Alan J. Flavell wrote:
>
> There's a class of event which shows up in the logs as e.g
>
> 2002-12-07 00:42:43 H=(nric) [200.160.36.13] (CacheFlow Server)
> F=<wvdvn@???> rejected RCPT...
>
> Am I right in thinking that "CacheFlow Server" here is always
> indicative of an open proxy? What actually _is_ this item of data in
> the mainlog, I'm having a hard time finding it documented in chapter
> 44. I'm suspicious that it might be the rfc1413 "ident", but then why
> isn't it prefixed with "U=" as indicated in 44.12?
>
> Does anyone block mail on the basis of this indication, and if so,
> could they offer an exim4 recipe for it, please? It seems to be quite
> a pestilence.


--
VVS56-RIPE