Re: [Exim] HELO acl

トップ ページ
このメッセージを削除
このメッセージに返信
著者: William Thompson
日付:  
To: Tony Earnshaw
CC: exim-users@exim.org
題目: Re: [Exim] HELO acl
> >     # Reject HELOs that contain IP addresses unless we are a relay for
> >     # them.  I realize this might not be a good idea, but haven't seen
> >     # any legit HELOs to this server with IPs.
> >     deny    !hosts = +relay_from_hosts
> >         message = HELO may not be an IP address
> >         condition = ${if match{$sender_helo_name}{\N^\[?\d+\.\d+\.\d+\.\d+\]?$\N}{yes}{no}}

>
> As far as I'm concerned, no relay_from host may give an IP number in a
> helo/ehlo. Nobody else, either. If necessary for yourself, you can use
> sender_host_address or extract the client's IP number form
> sender_fullhost - you don't need a regex.


The reason I used a regex is to see if the HELO was an IP (regardless of
who's it is) I couldn't think of a better way to test for that. As far as
relay_from_hosts, all I relay for is internal IPs which I don't care if HELO
is accurate or not (most of them just show up as "x")

> > {eq{$sender_helo_name}{hotmail.com}} \
> > {eq{$sender_helo_name}{msn.com}} \
>
> For all of this stuff, you could do a lookup, once and for all.


I could, that was just my first idea that expanded to that.

How would I do a lookup when I know a site might be like hotmail/msn?

How do I test if the db file would be:
msn.com        *.hotmail.com:*.msn.com
hotmail.com    *.hotmail.com:*.msn.com



I don't fully understand lookups yet.