On Wed, Aug 27, 2003 at 12:18:16PM -0400, Wakko Warner wrote:
> > > Actually, you can. How many spammers authenticate to your server?
> > > You could put the helo check in the mail/rcpt and if they aren't
> > > authenticated, drop them. Of course if you have local users, you exclude
> > > them from the check entirely.
> > I had considered this as it goes and had even 'cued up' a mail for the
> > list on the topic (honest!!) I'd meant to give it more thought first though
> > before posting to the list.
> >
> > I'll grab the postponed mail now, any ideas would be most welcome :)
> >
> > Ok slightly confusing - this was in reply to a post on exim-users
> > entitled 'helo acl':
>
> If you check the helo string in the helo don't. Put it in the MAIL or RCPT
> acl. It would be IMO better in the MAIL because you can drop them easier
> and not accidentally make yourself an open relay.
>
> Something like:
> accept hosts = +relay_hosts : +helo_exclude_hosts : +other_hosts
> accept authenticated = *
> drop <helo check here>
> accept
<snip>
> > For the heck of it the ACL is simply:
> >
> > # Warn with bad EHLO/HELO:
> > warn message = "X-Warning: bad helo/ehlo detected - $sender_helo_name"
> > log_message = "Bad EHLO/HELO detected:$sender_helo_name"
> > condition = ${if match {$sender_helo_name}{\\.} {no}{yes}}
>
> that can work too. just add "!authenticated = *" before the condition
Understood. I'll have a quick look at adding the '!authenticated = *'
condition to what I have already and see how that pans out.
Is it not even more expedient to drop bad HELO/EHLOs in an acl_smtp_helo
ACL or is this potentially problematic? I'll play with this as well - I
should grab a test box to play with all of this, quite a few maillist
mails have bounced this afternoon whilst I've been testing :P
Thanks again for the tips.
--
Jez
http://www.munk.nu/
