Re: [Exim] Blocking sobig.f

Top Page
Delete this message
Reply to this message
Author: Dennis Davis
Date:  
To: Giolla Decair
CC: exim-users
Subject: Re: [Exim] Blocking sobig.f
>Subject: Re: [Exim] Blocking sobig.f
>In-Reply-To: <20030819193008.A25148@???>
>To: Wakko Warner <wakko@???>
>CC: exim-users@???
>Date: Wed, 20 Aug 2003 12:18:51 +0100 (BST)
>
>Wakko Warner may one day have said:
>[snip]
>> I've noticed lots of them EHLO as "ED".  You could check to see if there's a
>> dot in the HELO name (pretty much all legit mail EHLOs as a FQDN or is that
>> FQHN =)
>> drop    message = We do not accept mail of this kind
>>     condition = ${if match{$sender_helo_name}{ED}{yes}{no}}

>
>Do you have a gernalised version of this which checks for a dot in the
>HELO name?


Try something like:


  # The helo parameter must be at least two components separated
  # by a fullstop.  We're crudely attempting to make sure the helo
  # parameter is a FQDN or an IP literal.
  deny    message = Your email is unacceptable.
          condition = ${if match {${lc:$sender_helo_name}}{\N([a-z0-9])+\.([a-z0-9])+\N} {no}{yes}}



WARNING:  I haven't thoroughly tested the above.  Use at your own
          risk.  I'm sure it can be improved.  For example, you
          should also ensure the helo parameter doesn't start or end
          with a fullstop.