Re: [Exim] HELO acl

Author: William Thompson
Date:  
To: exim-users
Subject: Re: [Exim] HELO acl
> > Would an helo acl be useful?
>
> I didn't think so, which is why I didn't implement it.


I see. I personally thought it was useful and 2 other people have asked me
for the patch. It's actually quite small (~90 lines .diff)

> > I wanted it (and have added it locally). If anyone would like the small
> > patch (phil? =) I'll send it.
>
> It's clearly a small patch, and I don't mind including it if people want
> it. But what is the benefit? Is this the argument that you should reject
> HELO/EHLO instead of sending a rejection at connection time? I don't
> myself see much difference.


My idea was to drop (instead of deny) spammers that use HELOs of aol or
hotmail or my own IP address at HELO time instead of MAIL time.

The patch passes smtp_data to the ACL check (I just copied the code fragment
from another SMTP command that used it; I think I copied AUTH). I don't think
smtp_data would be useful.

Anyway, here's the patch:
diff -u exim-4.14-orig/src/globals.c exim-4.14/src/globals.c
--- exim-4.14-orig/src/globals.c    Tue Mar 11 07:20:20 2003
+++ exim-4.14/src/globals.c    Thu Mar 27 13:11:10 2003
@@ -151,6 +154,7 @@
 uschar *acl_smtp_data          = NULL;
 uschar *acl_smtp_etrn          = NULL;
 uschar *acl_smtp_expn          = NULL;
+uschar *acl_smtp_helo          = NULL;
 uschar *acl_smtp_mail          = NULL;
 uschar *acl_smtp_rcpt          = NULL;
 uschar *acl_smtp_starttls      = NULL;
@@ -173,7 +177,8 @@
                                    US"RCPT",
                                    US"STARTTLS",
                                    US"VRFY",
-                                   US"non-SMTP" };
+                                   US"non-SMTP",
+                                   US"HELO" };


 int     acl_wherecodes[]       = { 503,     /* AUTH */
                                    550,     /* connect */
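Review bot: The new `US"HELO"` entry is appended after `US"non-SMTP"` instead of taking the alphabetical slot the other names follow, so the table is only correct while its position matches the `ACL_WHERE_*` enum in macros.h and the `acl_wherecodes` entry added in the next hunk. Nothing in the patch states that invariant; a comment above each array such as `/* Entries must be in the same order as the ACL_WHERE_xxx enum in macros.h */` would guard the next addition. Placing `ACL_WHERE_HELO` after `ACL_WHERE_NOTSMTP` also matters if any code outside these hunks treats `ACL_WHERE_NOTSMTP` as the highest value or keeps per-location tables of permitted conditions, so the ACL code that consumes `where` should be checked for that. In the macros.h hunk the spacing `ACL_WHERE_NOTSMTP , ACL_WHERE_HELO};` should be `ACL_WHERE_NOTSMTP, ACL_WHERE_HELO };` to match the rest of the enum. Both array declarations begin outside their hunks.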
@@ -184,7 +189,8 @@
                                    550,     /* RCPT */
                                    550,     /* STARTTLS */
                                    252,     /* VRFY */
-                                   0 };     /* not SMTP; not relevant */
+                                   0,       /* not SMTP; not relevant */
+                                   550 };     /* HELO */


 BOOL    accept_8bitmime        = FALSE;
 address_item  *addr_duplicate  = NULL;
diff -u exim-4.14-orig/src/globals.h exim-4.14/src/globals.h
--- exim-4.14-orig/src/globals.h    Tue Mar 11 07:20:20 2003
+++ exim-4.14/src/globals.h    Tue Mar 25 11:38:00 2003
@@ -93,6 +96,7 @@
 extern uschar *acl_smtp_data;          /* ACL run after DATA */
 extern uschar *acl_smtp_etrn;          /* ACL run after ETRN */
 extern uschar *acl_smtp_expn;          /* ACL run after EXPN */
+extern uschar *acl_smtp_helo;          /* ACL run after HELO */
 extern uschar *acl_smtp_mail;          /* ACL run after MAIL */
 extern uschar *acl_smtp_rcpt;          /* ACL run after RCPT */
 extern uschar *acl_smtp_starttls;      /* ACL run after STARTTLS */
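Review bot: The comment `/* ACL run after HELO */` does not say whether EHLO is covered, and that decides whether a client can avoid the check by choosing the other greeting. If the smtp_in.c insertion sits in the path shared by both commands (not visible from the hunk), the comment should read `/* ACL run after HELO or EHLO */`. If it does not, the gap needs closing in smtp_in.c. The patch also adds the `acl_smtp_helo` option without any user-facing documentation of when it runs.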
diff -u exim-4.14-orig/src/macros.h exim-4.14/src/macros.h
--- exim-4.14-orig/src/macros.h    Tue Mar 11 07:20:21 2003
+++ exim-4.14/src/macros.h    Tue Mar 25 11:05:46 2003
@@ -677,7 +677,7 @@


 enum { ACL_WHERE_AUTH, ACL_WHERE_CONNECT, ACL_WHERE_DATA, ACL_WHERE_ETRN,
        ACL_WHERE_EXPN, ACL_WHERE_MAIL, ACL_WHERE_RCPT, ACL_WHERE_STARTTLS,
-       ACL_WHERE_VRFY, ACL_WHERE_NOTSMTP };
+       ACL_WHERE_VRFY, ACL_WHERE_NOTSMTP , ACL_WHERE_HELO};


/* Situations for spool_write_header() */

diff -u exim-4.14-orig/src/readconf.c exim-4.14/src/readconf.c
--- exim-4.14-orig/src/readconf.c    Tue Mar 11 07:20:22 2003
+++ exim-4.14/src/readconf.c    Tue Mar 25 11:30:20 2003
@@ -110,6 +110,7 @@
   { "acl_smtp_data",            opt_stringptr,   &acl_smtp_data },
   { "acl_smtp_etrn",            opt_stringptr,   &acl_smtp_etrn },
   { "acl_smtp_expn",            opt_stringptr,   &acl_smtp_expn },
+  { "acl_smtp_helo",            opt_stringptr,   &acl_smtp_helo },
   { "acl_smtp_mail",            opt_stringptr,   &acl_smtp_mail },
   { "acl_smtp_rcpt",            opt_stringptr,   &acl_smtp_rcpt },
 #ifdef SUPPORT_TLS
diff -u exim-4.14-orig/src/smtp_in.c exim-4.14/src/smtp_in.c
--- exim-4.14-orig/src/smtp_in.c    Tue Mar 11 07:20:23 2003
+++ exim-4.14/src/smtp_in.c    Thu Mar 27 13:33:49 2003
@@ -1959,6 +1959,19 @@
       break;
       }


+    /* Apply an ACL check if one is defined, before responding */
+
+    if (acl_smtp_helo != NULL)
+      {
+      rc = acl_check(ACL_WHERE_HELO, smtp_data, acl_smtp_helo, &user_msg,
+        &log_msg);
+      if (rc != OK)
+        {
+        done = smtp_handle_acl_fail(ACL_WHERE_HELO, rc, user_msg, log_msg);
+        break;
+        }
+      }
+
     /* If sender_host_unknown is true, we have got here via the -bs interface,
     not called from inetd. Otherwise, we are running an IP connection and the
     host address will be set. If the helo name is the primary name of this
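Review bot: The ACL runs on the client-supplied HELO argument before the block that follows, whose comment says it compares the helo name with this host's primary name, so nothing that block establishes is available to `acl_smtp_helo` conditions. On a non-OK result the code only does `break`, so the session ends only if `smtp_handle_acl_fail` returns a terminating value, presumably for `drop`. If the code after the hunk is what records that a greeting was accepted, a denied client may still be able to continue to MAIL, which should be confirmed. Once confirmed, the comment could record it, e.g. `/* Apply the HELO ACL before the helo name checks below; smtp_data is the command argument */`. The enclosing case starts and ends outside the hunk.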