Re: [Exim] Blocking sobig.f

Author: Dennis Davis
Date:
To: Giolla Decair
CC: exim-users
Subject: Re: [Exim] Blocking sobig.f

>Subject: Re: [Exim] Blocking sobig.f
>In-Reply-To: <20030819193008.A25148@???>
>To: Wakko Warner <wakko@???>
>CC: exim-users@???
>Date: Wed, 20 Aug 2003 12:18:51 +0100 (BST)
>
>Wakko Warner may one day have said: >[snip] >> I've noticed lots of them EHLO as "ED". You could check to see if there's a >> dot in the HELO name (pretty much all legit mail EHLOs as a FQDN or is that >> FQHN =) >> drop message = We do not accept mail of this kind >> condition = ${if match{$sender_helo_name}{ED}{yes}{no}}

>
>Do you have a gernalised version of this which checks for a dot in the
>HELO name?

Try something like:

  # The helo parameter must be at least two components separated
  # by a fullstop.  We're crudely attempting to make sure the helo
  # parameter is a FQDN or an IP literal.
  deny    message = Your email is unacceptable.
          condition = ${if match {${lc:$sender_helo_name}}{\N([a-z0-9])+\.([a-z0-9])+\N} {no}{yes}}

WARNING:  I haven't thoroughly tested the above.  Use at your own
          risk.  I'm sure it can be improved.  For example, you
          should also ensure the helo parameter doesn't start or end
          with a fullstop.

This message is part of the following thread:
	the complete thread tree sorted by date
$Michael J. Tubby B.Sc. \(Hons\) G8TIC at 2003-08-20 11:49$	Michael J. Tubby B.Sc. \(Hons\) G8TIC at
	Wakko Warner at