RE: Re[2]: [Exim] exim HELO ack

Página Inicial
Delete this message
Reply to this message
Autor: Kevin Reed
Data:  
Para: 'Exim Users List'
Assunto: RE: Re[2]: [Exim] exim HELO ack

Richard Welty
> Sent: Wednesday, August 27, 2003 6:25 AM
> To: Exim Users List
> Subject: Re[2]: [Exim] exim HELO ack
>
>
> On Wed, 27 Aug 2003 12:05:25 +0100 Jez Hancock
> <jez.hancock@???> wrote:
>
> > Personally I'm not overwhelmed by spammers or other abusers
> who misuse
> > the HELO/EHLO command and I can't justify denying or
> dropping clients
> > based solely on the fact that they don't use a FQDN or even
> an address
> > literal in their HELO/EHLO - a lot of my users use OE which
> appears to
> > not adhere to this anyway.
>
> but some of us are getting pounded pretty good by Sobig.F
> coming from windoze systems with non-FQDN HELO strings, and
> it's a good way to recognize and drop those connections fast
> and keep our loads down.


I'm catching them with bad TZ date headers and a check for pif and scr
attachments. Where I am at, I've got too much real mail arriving with bad
Helo's so for right now, I am simply marking them in the logs so later I can
do a survey to look at the stituation longer.

        warn    log_message = BROKEN HELO/EHLO: Hello doesn't look like a
hostname ($sender_helo_name)
#       drop    message = BROKEN HELO/EHLO: Hello doesn't look like a
hostname ($sender_helo_name)
                condition = ${if match{$sender_helo_name} \
                                      {\N^[^.].*\.[^.]+$\N} \
                                 {no}{yes} \
                             }


2003-08-27 09:10:07 H=[212.145.142.47] Warning: BROKEN HELO/EHLO: Hello
doesn't look like a hostname (slanvwy)