Re: [Exim] HELO acl

Página Inicial
Delete this message
Reply to this message
Autor: Tony Earnshaw
Data:  
Para: exim-users@exim.org
Assunto: Re: [Exim] HELO acl
tir, 2003-04-01 kl. 14:47 skrev William Thompson:

> That'd force them to use an HELO of the reverse of their IP. I wouldn't do
> it this way on my server because I know there's host (me for instance) that
> send an HELO out that doesn't map to the reverse of it's IP, however it does
> resolve to my IP. I still think that denying based on an HELO of my
> internet IP is a good idea (since noone on the inside knows about my ouside
> IP)


But I already do this on sender_helo_name/sender_host_name - I just
didn't post it, since it wasn't relevant. No-one can claim he's my host
without being it, since I compare his IP number to mine.
[...]
>     # Reject HELOs that contain IP addresses unless we are a relay for
>     # them.  I realize this might not be a good idea, but haven't seen
>     # any legit HELOs to this server with IPs.
>     deny    !hosts = +relay_from_hosts
>         message = HELO may not be an IP address
>         condition = ${if match{$sender_helo_name}{\N^\[?\d+\.\d+\.\d+\.\d+\]?$\N}{yes}{no}}


As far as I'm concerned, no relay_from host may give an IP number in a
helo/ehlo. Nobody else, either. If necessary for yourself, you can use
sender_host_address or extract the client's IP number form
sender_fullhost - you don't need a regex.

> {eq{$sender_helo_name}{hotmail.com}} \
> {eq{$sender_helo_name}{msn.com}} \


For all of this stuff, you could do a lookup, once and for all.

Best,

Tony

--

Tony Earnshaw

e-post:        tonni@???
www:        http://www.billy.demon.nl