Re: [Exim] rejecting based on HELO

Top Page
Delete this message
Reply to this message
Author: Andreas J Mueller
Date:  
To: Billy Harvey
CC: exim-users
Subject: Re: [Exim] rejecting based on HELO
Hi Billy!

> I want to be able to reject at recipt time - that is if
> the actual IP address doesn't match the stated IP address, I want to
> reject the mail.


> Any guidance on this?


I recently posted the following ACL entry to the list, it will reject
the RCPT if HELO looks like an IP address, but does not match the
sending host:

  deny    condition     = ${if match{$sender_helo_name}{\N^\d+(\.\d+){3}$\N}\
                            {yes}{no}}
          condition     = ${if eq{$sender_helo_name}{$sender_host_address}\
                            {no}{yes}}
          message       = Invalid recipient
          log_message   = open proxy (HELO)


You should put it after accepting mail from authenticated hosts. Some
MUAs like to give the originating host's IP address as HELO, and that
may well differ from the actual IP address that you get to see if the
host is being masqueraded.

Andy