I have been using the following on a low volume server (makes it easier to
validate the reject was righteous) and so far so good. I hesitate to post
this because it's obviously not checking the HELO against the PTR, but I am
happy being pretty sure the HELO name A record(s) is the same as the IP
that I am connected to. I have no desire to add fuel to the "debate" about
DNS.

#CHECK SENDER IP AGAINST HELO NAME
deny message = You do not appear to be who you say you are. HELO WAS: $sender_helo_name, HOSTNAME IS: $sender_host_name IP IS [$sender_host_address] IP SHOULD be: $acl_c0
     sender_domains = !+local_domains
     set acl_c0 = ${lookup dnsdb{a=${extract{1}{ (}{$sender_helo_name}}}{$value}{NO-A-RECORD-FOUND}}
     condition = ${if and {\
                 {!eq{}{$sender_host_address}}\
                 {!eq{}{$sender_helo_name}}\
                 {!match{${lookup dnsdb{a=${extract{1}{ (}{$sender_helo_name}}}{$value}}}{$sender_host_address}}\
                 }\
                 {yes}{no}}

Produces output such as:

2003-06-30 18:20:07 H=pc-30-239-162.las-condes3.pc.metropolis-inter.com (yahoo.ca) [200.30.239.162] F=<cmadden_il@???> rejected RCPT <rick@???>: You do not appear to be who you say you are. HELO WAS: yahoo.ca, HOSTNAME IS: pc-30-239-162.las-condes3.pc.metropolis-inter.com IP IS [200.30.239.162] IP SHOULD be: 66.218.71.198

There is a lot of information, to help check the reject, that will be removed
when I put the ACL on the other servers.

Rick Cooper
-------Original Message-------
From: Segree, Gareth
Date: Tuesday, July 01, 2003 11:32:51 AM
To: 'exim-users@???'
Subject: [Exim] SPAM from DHCP users

Is there some way that I can use exim to verify the host sending a mail in
an attempt to block spammers?
They connect to my mail server and type something like:
Helo compuserve.com
Yet their address is adsl1.earthlink.xxx.xxx.xxx.xxx
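
An added example, not part of the original post or of Exim: a Python model of the comparison the ACL makes, next to a stricter exact-address comparison. Exim's `match` treats its second argument as a regular expression, so the ACL's test is an unanchored pattern search over the A-record answer. The resolver table, host names and function names here are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample data standing in for DNS A-record answers (no real lookups).
SAMPLE_A_RECORDS = {
    "mail.example.org": ["192.0.2.10", "192.0.2.11"],
    "big-provider.example": ["198.51.100.40"],
}

def resolve_sample(name):
    """Hypothetical resolver: return the A records for name, or an empty list."""
    return SAMPLE_A_RECORDS.get(name.lower(), [])

def helo_host(helo):
    """Like the ACL's extract: keep the text before the first space or '('."""
    return re.split(r"[ (]", helo, maxsplit=1)[0]

def acl_style_match(helo, client_ip, resolve=resolve_sample):
    """Model of the ACL test: client IP as an unanchored regex over the answer."""
    answer = "\n".join(resolve(helo_host(helo)))
    return re.search(client_ip, answer) is not None

def exact_match(helo, client_ip, resolve=resolve_sample):
    """Stricter comparison: parse each record and test address equality."""
    try:
        client = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    for record in resolve(helo_host(helo)):
        try:
            if ipaddress.ip_address(record) == client:
                return True
        except ValueError:
            continue  # ignore anything that is not an address
    return False

if __name__ == "__main__":
    cases = [
        ("mail.example.org", "192.0.2.10"),       # honest HELO
        ("big-provider.example", "203.0.113.7"),  # forged HELO
        ("no-such-host.example", "203.0.113.7"),  # HELO name has no A record
        ("mail.example.org", "192.0.2.1"),        # substring of a listed address
    ]
    for helo, ip in cases:
        print(helo, ip, acl_style_match(helo, ip), exact_match(helo, ip))
```

The last case is where the two checks differ: the pattern search accepts a client whose address is only a substring of a listed record, while the exact comparison does not.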