On Fri, 20 Jun 2003, Dave Restall - System Administrator wrote:

> I'm seeing in my logs :-
>
> 2003-06-20 13:50:37 no host name found for IP address 213.1.253.57

OpenRBL reports a certain dissatisfaction with that address,
for example "btinternet is full of spammers".

> 2003-06-20 13:50:38 rejected HELO from [213.1.253.57]: syntactically
> invalid argument(s): ECLEAR_SERVER

Hmmm...

> I contacted the postmaster at the guilty domain and he said they would
> look into it. As yet nothing has come back (this is nearly a fortnight
> ago) and these messages appear in my log files every few seconds.

Others have told you how to _accept_ such defective requests from
misbehaved servers.

Of course, you might take the view that it's better not to accept mail
from such misbehaved and poorly-managed servers. Trying to block it
at the HELO stage is legal, but seems to be treated by far too many
servers as a purely temporary error. There is a better (IMHO) way.

> Before I put a firewall rule in to stop the stuff coming through,

That's one possible approach: of course they'll then go and hassle
your backup MX if you have one...

Here's a possible strategy (assuming exim4, of course):

1. In the main configuration:

     helo_accept_junk_hosts = *

   This lets them get past the HELO stage, even though they're invalid.

2. Then at the RCPT ACL, after accepting mail that's addressed
   specifically to the postmaster address, do something like this:

     deny  hosts = ! CONFIG_DIR/helo_accept_junk_hosts
           message = Rejected because unacceptable syntax in HELO/EHLO name: \
                     $sender_helo_name \n\
                     This is commonly associated with misconfigured mail software:\n\
                     SORRYTEXT
           condition = ${if match \
                       {$sender_helo_name}{\N^[-a-zA-Z0-9.]+$\N}{no}{yes}}

The file helo_accept_junk_hosts lists any hosts which you decide to
excuse from this check. SORRYTEXT is a macro containing standard
apology boilerplate, and an invitation to contact the postmaster
address if dissatisfied.

Hitting them on the head at RCPT time carries much better prospects of
making them go away on 5xx, rather than them hammering away retrying
in the way that you're reporting.

good luck
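
Added example, not part of the original message and not Exim code: a small Python model of the RCPT-time decision order described above (postmaster first, then the exemption file, then the HELO syntax pattern), run over constructed HELO names. The postmaster address, the exempt set (exact IPs only, a simplification of an Exim host list) and the sample hosts are assumptions; note that the pattern also rejects bracketed address literals such as [192.0.2.25], which the SMTP RFCs permit in HELO/EHLO.

```python
import re

# Same pattern as the ACL condition above. Exim's \N...\N only suppresses
# string expansion; the regular expression itself is unchanged.
HELO_OK = re.compile(r"^[-a-zA-Z0-9.]+$")

POSTMASTER = "postmaster@example.org"   # assumed local postmaster address


def rcpt_decision(host_ip, helo_name, rcpt, exempt_hosts):
    """Model the RCPT ACL order from the message; returns (verdict, reason)."""
    # 1. Mail addressed to the postmaster is accepted before the HELO check,
    #    so a rejected sender still has somewhere to complain.
    if rcpt.lower() == POSTMASTER:
        return ("accept", "postmaster recipient")
    # 2. 'hosts = ! file': the deny applies only to hosts NOT in the file.
    if host_ip in exempt_hosts:
        return ("continue", "host excused from HELO check")
    # 3. The condition yields 'yes' (deny) when the name does NOT match.
    #    An empty or missing HELO name also fails the pattern.
    if not HELO_OK.search(helo_name or ""):
        return ("deny", "550 unacceptable syntax in HELO/EHLO name: %r" % helo_name)
    return ("continue", "HELO syntax acceptable")


if __name__ == "__main__":
    exempt = {"192.0.2.10"}             # constructed exemption list
    samples = [                         # constructed sessions
        ("213.1.253.57", "ECLEAR_SERVER", "user@example.org"),
        ("213.1.253.57", "ECLEAR_SERVER", "postmaster@example.org"),
        ("192.0.2.10", "BAD_NAME", "user@example.org"),
        ("198.51.100.7", "mail.example.net", "user@example.org"),
        ("198.51.100.8", "[198.51.100.8]", "user@example.org"),
        ("198.51.100.9", "", "user@example.org"),
    ]
    for ip, helo, rcpt in samples:
        verdict, reason = rcpt_decision(ip, helo, rcpt, exempt)
        print("%-14s %-18r %-24s %-8s %s" % (ip, helo, rcpt, verdict, reason))
```

If address-literal HELO names should pass, either list those hosts in the exemption file or widen the pattern before deploying it.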