Re: [Exim] rejecting based on HELO

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Andreas J Mueller
日付:  
To: Billy Harvey
CC: exim-users
題目: Re: [Exim] rejecting based on HELO
Hi Billy!

> I want to be able to reject at recipt time - that is if
> the actual IP address doesn't match the stated IP address, I want to
> reject the mail.


> Any guidance on this?


I recently posted the following ACL entry to the list, it will reject
the RCPT if HELO looks like an IP address, but does not match the
sending host:

  deny    condition     = ${if match{$sender_helo_name}{\N^\d+(\.\d+){3}$\N}\
                            {yes}{no}}
          condition     = ${if eq{$sender_helo_name}{$sender_host_address}\
                            {no}{yes}}
          message       = Invalid recipient
          log_message   = open proxy (HELO)


You should put it after accepting mail from authenticated hosts. Some
MUAs like to give the originating host's IP address as HELO, and that
may well differ from the actual IP address that you get to see if the
host is being masqueraded.

Andy