Re: [Exim] rejecting based on HELO

Etusivu
Poista viesti
Vastaa
Lähettäjä: Andreas J Mueller
Päiväys:  
Vastaanottaja: Billy Harvey
Kopio: exim-users
Aihe: Re: [Exim] rejecting based on HELO
Hi Billy!

> I want to be able to reject at recipt time - that is if
> the actual IP address doesn't match the stated IP address, I want to
> reject the mail.


> Any guidance on this?


I recently posted the following ACL entry to the list, it will reject
the RCPT if HELO looks like an IP address, but does not match the
sending host:

  deny    condition     = ${if match{$sender_helo_name}{\N^\d+(\.\d+){3}$\N}\
                            {yes}{no}}
          condition     = ${if eq{$sender_helo_name}{$sender_host_address}\
                            {no}{yes}}
          message       = Invalid recipient
          log_message   = open proxy (HELO)


You should put it after accepting mail from authenticated hosts. Some
MUAs like to give the originating host's IP address as HELO, and that
may well differ from the actual IP address that you get to see if the
host is being masqueraded.

Andy