Re: [Exim] Blocking sobig.f

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMAlan J. Flavell at <-
MHarald Meland at ->
Delete this message
Reply to this message
Author: Alan J. Flavell
Date:  
To: Harald Meland
CC: Exim users list
Subject: Re: [Exim] Blocking sobig.f
On Thu, 21 Aug 2003, Harald Meland wrote:

(in relation to ACL match conditions)

> If you want the 'match' expansion condition in Exim to ignore case,
> you can include the internal regexp modifier '(?i)' (without the
> quotes) in the regexp.

Ah, thanks. As it happened, I wanted a case-*sensitive* match, but
wasn't entirely certain from the documentation that I would get it.

Problem is, we'd noticed that hosts infested with the problem were
going HELO with an unqualified name (i.e matched ^[-A-Z0-9]+$ ) but
that just a tiny number of bona fide hosts were sending us mail with
a HELO which was an unqualified name. However, the sobigs were all
in upper case, whereas the bona fides were in lower case.

What I'm trying now is a defer at RCPT time on matching the helo name
with the above regex, and watching to see if any bona fide-looking
sources are getting caught. (Of course, we exclude our own senders
from this test!).


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-RE: [Exim] Mail Stuck in QueueRe: [Exim] DHCP ext 69 and smarthost->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)