> > With exim callouts, HELO checking, and SA-Exim, I get virtually no
> spam, and
> > without annoying people who send me mail.
> >
> > Marc
>
> Would you mind elaborating on the HELO checking that you do.
I can give you an example of the HELO that I use:
acl_check_helo:
# always accept if this is localhost
accept condition = ${if eq{$interface_address}{127.0.0.1}{yes}{no}}
# Reject HELOs that contain IP addresses unless we are a relay for
# them.
drop !hosts = +relay_from_hosts
message = ${lookup \
mysql{select reject_reason \
from eximconf.reject_messages \
where reject_name='ip_helo'} \
{${expand:$value}} \
}
log_message = HELO is an IP
condition = ${if match{$sender_helo_name}{\N^\[?\d+\.\d+\.\d+\.\d+\]?$\N}{yes}{no}}
# Same as above, but check for common HELO names to see if they come
# from the correct host.
drop !hosts = +relay_from_hosts
message = ${lookup \
mysql{select reject_reason \
from eximconf.reject_messages \
where reject_name='host_helo_mismatch'} \
{${expand:$value}} \
}
log_message = HELO mismatch
condition = ${if \
or { \
{and { \
{or { \
{eq{$sender_helo_name}{hotmail.com}} \
{eq{$sender_helo_name}{msn.com}} \
} \
} \
{!match{$sender_host_name}{(hotmail|msn)\\.com}} \
}} \
{and { \
{eq{$sender_helo_name}{aol.com}} \
{!match{$sender_host_name}{(netscape|aol)\\.(net|com)}} \
}} \
{and { \
{eq{$sender_helo_name}{outblaze.com}} \
{!match{$sender_host_name}{outblaze\\.com}} \
}} \
# {and { \
# {eq{$sender_helo_name}{}} \
# {!match{$sender_host_name}{}} \
# }} \
} \
{yes}{no} \
}
accept
NOTE: this won't work with exim 4.14 w/o the patch I wrote for the HELO acl.
Phil has incorporated my patch into the testing release of exim and should be
in exim 4.20.
I'd like to figure out a better way of doing that last set, I just haven't
bothered to attempt to figure it out.
