> I'm catching them with bad TZ date headers and a check for pif and scr
> attachments. Where I am at, I've got too much real mail arriving with bad
> Helo's so for right now, I am simply marking them in the logs so later I can
> do a survey to look at the situation longer.
>
> warn log_message = BROKEN HELO/EHLO: Hello doesn't look like a hostname ($sender_helo_name)
> # drop message = BROKEN HELO/EHLO: Hello doesn't look like a hostname ($sender_helo_name)
>      condition = ${if match{$sender_helo_name} \
>                  {\N^[^.].*\.[^.]+$\N} \
>                  {no}{yes} \
>                  }
>
> 2003-08-27 09:10:07 H=[212.145.142.47] Warning: BROKEN HELO/EHLO: Hello doesn't look like a hostname (slanvwy)
That's more likely a spam. Every occurrence of sobig I've seen has the HELO
in all caps. A check for ^[A-Z0-9_-]+$ should catch sobig but not Outlook
(as I've seen with Outlook2000). Outlook2000 helos in all lowercase.
--
Lab tests show that use of micro$oft causes cancer in lab animals
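
One way to run the log survey mentioned in the quoted message, as an added example that is not part of the thread: it parses the BROKEN HELO/EHLO warning lines and splits the logged HELO names by the all-caps pattern from the reply. The function names are hypothetical, and every sample log line except the first (the one quoted above) is constructed.

```python
import re
from collections import Counter

# Shape of the warning line, taken from the log entry quoted in the thread.
LOG_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} H=.*?\[(?P<ip>[^\]]+)\] "
    r"Warning: BROKEN HELO/EHLO: .*\((?P<helo>[^()]*)\)\s*$"
)
# Pattern proposed in the reply: upper-case letters, digits, "_" and "-" only.
ALLCAPS_RE = re.compile(r"^[A-Z0-9_-]+$")

# First line is the one quoted in the thread; the rest are constructed samples.
SAMPLE_LOG = """\
2003-08-27 09:10:07 H=[212.145.142.47] Warning: BROKEN HELO/EHLO: Hello doesn't look like a hostname (slanvwy)
2003-08-27 09:11:42 H=[192.0.2.10] Warning: BROKEN HELO/EHLO: Hello doesn't look like a hostname (DESKTOP01)
2003-08-27 09:12:03 19rxYZ-0001ab-00 <= user@example.org H=mail.example.org [192.0.2.25] P=esmtp S=2048
2003-08-27 09:13:30 H=[192.0.2.11] Warning: BROKEN HELO/EHLO: Hello doesn't look like a hostname (WORKSTATION_7)
2003-08-27 09:14:55 H=[192.0.2.12] Warning: BROKEN HELO/EHLO: Hello doesn't look like a hostname (laptop)
"""


def classify(helo):
    """Label a logged HELO name by whether the reply's pattern matches it."""
    return "allcaps" if ALLCAPS_RE.search(helo) else "other"


def survey(lines):
    """Tally warning lines per class and keep (ip, helo) pairs for review."""
    totals = Counter()
    by_class = {"allcaps": [], "other": []}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a BROKEN HELO/EHLO warning line
        kind = classify(m["helo"])
        totals[kind] += 1
        by_class[kind].append((m["ip"], m["helo"]))
    return totals, by_class


if __name__ == "__main__":
    totals, by_class = survey(SAMPLE_LOG.splitlines())
    for kind in ("allcaps", "other"):
        print(f"{kind}: {totals[kind]}")
        for ip, helo in by_class[kind]:
            print(f"  {ip}  {helo}")
```

Names made up only of digits, "_" or "-" also fall in the allcaps bucket, since the pattern does not require a letter.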