Re: [Exim] exim HELO ack

Top Page
Delete this message
Reply to this message
Author: Jez Hancock
Date:  
To: Exim Users List
Subject: Re: [Exim] exim HELO ack
On Wed, Aug 27, 2003 at 12:18:16PM -0400, Wakko Warner wrote:
> > > Actually, you can. How many spammers authenticate to your server?
> > > You could put the helo check in the mail/rcpt and if they aren't
> > > authenticated, drop them. Of course if you have local users, you exclude
> > > them from the check entirely.
> > I had considered this as it goes and had even 'cued up' a mail for the
> > list on the topic (honest!!) I'd meant to give it more thought first though
> > before posting to the list.
> >
> > I'll grab the postponed mail now, any ideas would be most welcome :)
> >
> > Ok slightly confusing - this was in reply to a post on exim-users
> > entitled 'helo acl':
>
> If you check the helo string in the helo don't. Put it in the MAIL or RCPT
> acl. It would be IMO better in the MAIL because you can drop them easier
> and not accidentally make yourself an open relay.
>
> Something like:
>     accept hosts = +relay_hosts : +helo_exclude_hosts : +other_hosts
>     accept authenticated = *
>     drop <helo check here>
>     accept

<snip>
> > For the heck of it the ACL is simply:
> >
> >   # Warn with bad EHLO/HELO:
> >     warn message = "X-Warning: bad helo/ehlo detected - $sender_helo_name"
> >         log_message = "Bad EHLO/HELO detected:$sender_helo_name"
> >         condition = ${if match {$sender_helo_name}{\\.} {no}{yes}}

>
> that can work too. just add "!authenticated = *" before the condition

Understood. I'll have a quick look at adding the '!authenticated = *'
condition to what I have already and see how that pans out.

Is it not even more expedient to drop bad HELO/EHLOs in an acl_smtp_helo
ACL or is this potentially problematic? I'll play with this as well - I
should grab a test box to play with all of this, quite a few maillist
mails have bounced this afternoon whilst I've been testing :P

Thanks again for the tips.
--
Jez

http://www.munk.nu/