Re: [Exim] rejecting based on HELO

Top Page
Delete this message
Reply to this message
Author: Oliver Eikemeier
Date:  
To: Billy Harvey
CC: exim-users
Subject: Re: [Exim] rejecting based on HELO
Billy Harvey wrote:

> More and more of the spam I receive is sending the HELO line with *my*
> IP address. In the Received headers this is easy enough to see and
> auto-delete, but I want to be able to reject at recipt time - that is if
> the actual IP address doesn't match the stated IP address, I want to
> reject the mail.
>
> Any guidance on this?


I use:

 deny   message    = Faked IP in HELO/EHLO
        condition  = ${if match{$sender_helo_name}{\N^\d{1,3}(\.\d{1,3}){3}$\N}{yes}{no}}
       !verify     = helo


it does not work in the HELO ACL (yet), but you should give your local users
a chance to AUTH first anyway, so put it the MAIL or RCPT ACL.

Regards
    Oliver