Author: Alan J. Flavell
Date:
To: Harald Meland
CC: Exim users list
Subject: Re: [Exim] Blocking sobig.f

On Thu, 21 Aug 2003, Harald Meland wrote:

(in relation to ACL match conditions)

> If you want the 'match' expansion condition in Exim to ignore case,
> you can include the internal regexp modifier '(?i)' (without the
> quotes) in the regexp.

Ah, thanks. As it happened, I wanted a case-*sensitive* match, but
wasn't entirely certain from the documentation that I would get it.

Problem is, we'd noticed that hosts infested with the problem were
going HELO with an unqualified name (i.e. matched ^[-A-Z0-9]+$ ) but
that just a tiny number of bona fide hosts were sending us mail with
a HELO which was an unqualified name. However, the sobigs were all
in upper case, whereas the bona fides were in lower case.

What I'm trying now is a defer at RCPT time on matching the helo name
with the above regex, and watching to see if any bona fide-looking
sources are getting caught. (Of course, we exclude our own senders
from this test!).
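
The check described in the message above, written out as an Exim 4 configuration fragment. This is an added example, not part of the original post: the hostlist name `our_senders`, its address range, the ACL name and the message texts are assumptions chosen for illustration.

```exim
# --- main configuration section ---

# Hypothetical list of our own sending hosts (constructed values, using a
# documentation address range). These hosts are exempt from the HELO test.
hostlist our_senders = 127.0.0.1 : 192.0.2.0/24

# Assumed ACL name; use whatever acl_smtp_rcpt already points at.
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # Give a temporary (4xx) rejection at RCPT time when the HELO/EHLO name is
  # unqualified and consists only of upper-case letters, digits and hyphens.
  # No (?i) modifier is present, so the match stays case-sensitive and
  # lower-case unqualified names are not caught.
  # \N ... \N stops Exim from expanding the regex, which protects the "$".
  defer   message     = HELO name "$sender_helo_name" not accepted, try again later
          log_message = unqualified upper-case HELO name "$sender_helo_name"
          !hosts      = +our_senders
          condition   = ${if match{$sender_helo_name}{\N^[-A-Z0-9]+$\N}{yes}{no}}

  # ... the rest of the existing RCPT ACL follows here ...
```

Because the verb is `defer` rather than `deny`, a legitimate host that is caught will retry, and searching the main log for the `log_message` text shows which sources were deferred.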