Re: [Exim] rejecting based on HELO

Top Pagina
Delete this message
Reply to this message
Auteur: Oliver Eikemeier
Datum:  
Aan: Andreas J Mueller
CC: exim-users
Onderwerp: Re: [Exim] rejecting based on HELO
Andreas J Mueller wrote:

> Hi Billy!
>
>>I want to be able to reject at recipt time - that is if
>>the actual IP address doesn't match the stated IP address, I want to
>>reject the mail.
>
>>Any guidance on this?
>
> I recently posted the following ACL entry to the list, it will reject
> the RCPT if HELO looks like an IP address, but does not match the
> sending host:
>
>   deny    condition     = ${if match{$sender_helo_name}{\N^\d+(\.\d+){3}$\N}\
>                             {yes}{no}}
>           condition     = ${if eq{$sender_helo_name}{$sender_host_address}\
>                             {no}{yes}}
>           message       = Invalid recipient
>           log_message   = open proxy (HELO)

>
> You should put it after accepting mail from authenticated hosts. Some
> MUAs like to give the originating host's IP address as HELO, and that
> may well differ from the actual IP address that you get to see if the
> host is being masqueraded.


What does your ACL with:

HELO 195.227.083.221