>From: "Alan J. Flavell" <flavell@???>
>To: Exim users list <exim-users@???>
>Subject: [Exim] FAQ(4) Q/A5023 about ident
>Sender: exim-users-admin@???
>Date: Tue, 15 Apr 2003 14:09:29 +0100 (BST)
...
>a) We've found it effective against two rather prevalent kinds of open
>proxy (whether already blacklisted at the RBLs or not) to recognise
>ident strings of "squid" and "CacheFlow Server" and reject mail from
>them. Snippets such as this in the RCPT ACL do the trick:
>
> deny condition = ${if eq{$sender_ident}{CacheFlow Server}{1}{0}}
> message = Rejected - appears to be an unsecured proxy: $sender_ident
Almost totally unrelated, but I see lots of connections from
""CacheFlow Server" to our mail servers. Usually their HELO
messages announce themselves to be the same IP address as the server
to which they are connecting. So they're being caught here with an
ACL of the form:
deny message = Imposters are persona non grata
condition = ${if or { \
{eq {${lc:$sender_helo_name}}{WHOAMI}} \
{eq {$sender_helo_name}{HOST_IP}} \
} \
{yes}{no}}
where WHOAMI & HOST_IP are just simple macros set earlier in the
configuration.
