On Sat, 2003-05-03 at 00:39, William Thompson wrote:
> log_message = HELO mismatch
> {eq{$sender_helo_name}{hotmail.com}} \
> {eq{$sender_helo_name}{msn.com}} \

This is guaranteed collateral damage if you are not careful.
Hotmail and MSN actual mail does come from machines which have no rDNS
but HELO as hotmail.com / msn.com etc.
OK, if you match the sender hostname as well (but you have no way of
checking that afaik - you can best check rDNS).

>
> {eq{$sender_helo_name}{outblaze.com}} \
> {!match{$sender_host_name}{outblaze\\.com}} \

Yeah, this will work - if you get a HELO of *.outblaze.com from any host
that does not have forward and reverse DNS, and a hostname, in the
outblaze.com domain, feel free to reject it.

Also feel free to entirely reject HELOs of our customer domains
(mail.com, email.com, operamail.com etc) - mail for these domains, if
coming from our servers, will come with a HELO in the outblaze.com
domain (the sending server name, typically) - we never emit HELOs like
mail.com / email.com etc. If someone else is sending such HELOs, you
can be sure these are forgeries.

> I'd like to figure out a better way of doing that last set, I just haven't
> bothered to attempt to figure it out.

Have Exim query a DB of banned HELOs (and HELO patterns) and reject them
outright.

srs
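
Added example, not part of the original message and not Exim configuration: a Python model of the policy discussed in this thread, with a lookup table of banned HELO names and patterns plus the outblaze.com rule that the HELO must agree with the verified host name. The DB format, the constructed pattern entry and the names `load_db`, `in_domain` and `check_helo` are assumptions of this example.

```python
import re

# Constructed sample DB: exact HELO names, plus regex patterns (lines starting with ^).
BANNED_DB = r"""
# customer domains from the message: never sent as HELO by the real servers
mail.com
email.com
operamail.com
# constructed pattern entry, for illustration only
^forged-[0-9]+\.example\.invalid$
"""

# HELO domains accepted only when the connecting host's verified name
# (forward and reverse DNS agree) is inside the same domain.
REQUIRE_MATCHING_HOST = {"outblaze.com"}


def load_db(text):
    """Split the DB text into a set of exact names and a list of compiled patterns."""
    exact, patterns = set(), []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("^"):
            patterns.append(re.compile(line, re.IGNORECASE))
        else:
            exact.add(line.lower())
    return exact, patterns


def in_domain(name, domain):
    # Label-boundary suffix test, so "notoutblaze.com" is not treated as outblaze.com.
    return name == domain or name.endswith("." + domain)


def check_helo(helo, verified_host, db):
    """Return 'reject' or 'accept'; verified_host is None when rDNS is missing."""
    exact, patterns = db
    helo = helo.lower().rstrip(".")
    host = (verified_host or "").lower().rstrip(".")
    if helo in exact or any(p.search(helo) for p in patterns):
        return "reject"
    for domain in REQUIRE_MATCHING_HOST:
        if in_domain(helo, domain) and not in_domain(host, domain):
            return "reject"
    return "accept"  # e.g. hotmail.com from a host with no rDNS still gets through


DB = load_db(BANNED_DB)
```

hotmail.com and msn.com are deliberately left out of both tables, since the message notes that genuine mail with those HELOs arrives from hosts without rDNS.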