>Subject: Re: [Exim] Blocking sobig.f
>In-Reply-To: <20030819193008.A25148@???>
>To: Wakko Warner <wakko@???>
>CC: exim-users@???
>Date: Wed, 20 Aug 2003 12:18:51 +0100 (BST)
>
>Wakko Warner may one day have said:
>[snip]
>> I've noticed lots of them EHLO as "ED". You could check to see if there's a
>> dot in the HELO name (pretty much all legit mail EHLOs as a FQDN or is that
>> FQHN =)
>> drop message = We do not accept mail of this kind
>> condition = ${if match{$sender_helo_name}{ED}{yes}{no}}
>
>Do you have a generalised version of this which checks for a dot in the
>HELO name?
Try something like:

  # The helo parameter must be at least two components separated
  # by a fullstop. We're crudely attempting to make sure the helo
  # parameter is a FQDN or an IP literal.
  deny message = Your email is unacceptable.
       condition = ${if match {${lc:$sender_helo_name}}{\N([a-z0-9])+\.([a-z0-9])+\N} {no}{yes}}

WARNING: I haven't thoroughly tested the above. Use at your own
risk. I'm sure it can be improved. For example, you
should also ensure the helo parameter doesn't start or end
with a fullstop.
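
An added example, not part of the original message: the pattern from the ACL above run over constructed HELO values, next to a stricter whole-string pattern that also rejects a leading or trailing fullstop. The stricter pattern, its hyphen handling, the bracketed IPv4 form and all sample names are assumptions made for illustration.

```python
import re

# Pattern from the ACL in the message, applied unanchored (as Exim's
# "match" does) to the lowercased HELO name.
CRUDE = re.compile(r"([a-z0-9])+\.([a-z0-9])+")

# Assumed stricter form (not from the message): the whole string must be
# either two or more dot-separated labels, or a bracketed IPv4 literal.
# A label is letters/digits/hyphens and may not start or end with a hyphen.
LABEL = r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
STRICT = re.compile(
    r"(?:" + LABEL + r"(?:\." + LABEL + r")+"   # host.example.org
    r"|\[\d{1,3}(?:\.\d{1,3}){3}\])\Z"          # [192.0.2.25], format only
)


def crude_denies(helo):
    """True when the ACL condition from the message would deny this HELO."""
    return CRUDE.search(helo.lower()) is None


def strict_denies(helo):
    """True when the assumed stricter pattern would deny this HELO."""
    return STRICT.match(helo.lower()) is None


# Constructed sample HELO values.
SAMPLES = [
    "ED",                   # the name reported in the thread
    "localhost",            # single component, no dot
    "mail.example.org",     # ordinary FQDN
    "my-host.example.org",  # hyphenated label
    "[192.0.2.25]",         # IP literal
    ".example.org",         # leading fullstop
    "example.org.",         # trailing fullstop
    "mail..example.org",    # empty label
]


def compare(samples=SAMPLES):
    """Map each HELO to (crude_denies, strict_denies)."""
    return {h: (crude_denies(h), strict_denies(h)) for h in samples}


if __name__ == "__main__":
    for helo, (crude, strict) in compare().items():
        print(f"{helo:22} crude={'deny' if crude else 'pass':5}"
              f" strict={'deny' if strict else 'pass'}")
```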