Re: [Exim] rejecting based on HELO

Top Page
Delete this message
Reply to this message
Author: Walt Reed
Date:  
To: Billy Harvey
CC: exim-users
Subject: Re: [Exim] rejecting based on HELO
On Wed, Sep 03, 2003 at 02:58:08PM -0400, Billy Harvey said:
> More and more of the spam I receive is sending the HELO line with *my*
> IP address. In the Received headers this is easy enough to see and
> auto-delete, but I want to be able to reject at recipt time - that is if
> the actual IP address doesn't match the stated IP address, I want to
> reject the mail.


This is what I use in the RCPT acl although it is more broad that you
asked for:

  deny    ! hosts  = /etc/exim4/whitelist
          message = Message Rejected: HELO hostname must not be an IP address
          condition = ${if match{$sender_helo_name}{\N^\[?\d+\.\d+\.\d+\.\d+\]?$\N}{yes}{no} }


This allows me to whitelist any sender that does use an IP address as
the helo hostname. I have not found ANY legit mailservers that use an IP
address as the helo hostname so I deny them all, even though IP
addresses is acceptable behavior according to the RFC's.

You could replace the expression with your IP address and this should
work.