Re: [Exim] Denying a particular HELO

Author: Alan J. Flavell
Date:
To: Exim users list
Subject: Re: [Exim] Denying a particular HELO

On Tue, 18 Feb 2003, Jeff Bonner wrote:

> The second part of my question is this: how would I program Exim
> to completely and unabashedly ignore these requests, since they are
> unsolicited and annoying?


By the time you've recognised the request, it's too late to literally
"ignore" it, but in 4.12 you could drop the call. Or you can treat
them to a "long wait" from the ACL.

In general, dropping the call would likely result in the caller trying
your backup MX(es), so you better consider the consequences of that
and make sure the secondaries are also suitably hardened. Whether
it'll happen in this specific instance, I admit to not knowing.

Once you've collected an IP associated with this "foolishness" you
could, if you so wish, refuse further calls from it, a la

host_reject_connection = /etc/exim/plonkers

in the main configuration (v4.*), using any of the supported forms on
the right of the "=".

But sadly there are vast numbers of open proxies - even on our modest
departmental mailer we collect a dozen or so fresh ones per day used
for dictionary-scan attacks alone. So refusing calls from those which
are already known is only part of a solution IMHO.

If you've got strong nerves, then you can have the ACL write the IP
address directly into that 'plonkers' file. Otherwise you can scan
the log separately, and update the blacklist file from there.

Again consider the potential consequences for your backup MX(es).

Hope that's useful.
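
The "scan the log separately, and update the blacklist file" option from the message above, as an added example that is not part of the original post or of Exim itself. It assumes main-log lines that carry the peer as `H=(helo-name) [ip]`; the HELO name, the sample log lines and the `never_block` safeguard (for your own backup MXes) are constructed for illustration.

```python
import ipaddress
import re

# Assumption: main-log lines carry the peer as "H=[name ](helo-name) [ip]".
HOST_RE = re.compile(r"H=(?:\S+ )?\((?P<helo>[^)]*)\) \[(?P<ip>[0-9A-Fa-f:.]+)\]")

# Constructed sample lines (documentation addresses), not from a real server.
SAMPLE_LOG = [
    "2003-02-18 10:01:02 H=(bad.example) [192.0.2.10] rejected EHLO or HELO bad.example",
    "2003-02-18 10:01:09 H=(bad.example) [198.51.100.7] rejected EHLO or HELO bad.example",
    "2003-02-18 10:02:00 H=mx.example.org (good.example) [203.0.113.5] rejected RCPT <b@example.net>",
    "2003-02-18 10:03:00 H=(bad.example) [999.1.1.1] rejected EHLO or HELO bad.example",
]

def offenders(log_lines, bad_helo):
    """Return the set of syntactically valid IPs that presented bad_helo."""
    found = set()
    for line in log_lines:
        m = HOST_RE.search(line)
        if not m or m.group("helo").lower() != bad_helo.lower():
            continue
        try:
            found.add(str(ipaddress.ip_address(m.group("ip"))))
        except ValueError:
            continue  # malformed address: never let it reach the host list
    return found

def update_blacklist(path, new_ips, never_block=()):
    """Append unseen IPs to the one-item-per-line file; return what was added."""
    try:
        with open(path) as fh:
            current = {l.strip() for l in fh if l.strip() and not l.startswith("#")}
    except FileNotFoundError:
        current = set()
    # Networks that must never be listed, e.g. your own backup MXes.
    protected = [ipaddress.ip_network(n) for n in never_block]
    added = sorted(ip for ip in set(new_ips) - current
                   if not any(ipaddress.ip_address(ip) in n for n in protected))
    if added:
        with open(path, "a") as fh:  # append keeps existing entries and comments
            fh.writelines(ip + "\n" for ip in added)
    return added
```

Run it from cron against the current log and point `path` at the file named in `host_reject_connection`; check the returned list before trusting it unattended.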