Billy Harvey [9/4/2003 12:28 AM] :
> More and more of the spam I receive is sending the HELO line with *my*
> IP address. In the Received headers this is easy enough to see and
> auto-delete, but I want to be able to reject at receipt time - that is if
> the actual IP address doesn't match the stated IP address, I want to
> reject the mail.
>
> Any guidance on this?
>
> Please cc me on any responses.
>
I posted this to exim-users quite a while back.
In acl_check_rcpt -
# Be polite and say HELO. Reject anything from hosts that haven't given
# a valid HELO/EHLO to us.
deny    condition   = ${if \
                      or{{!def:sender_helo_name}{eq{$sender_helo_name}{}}}{yes}{no}}
        message     = RFCs mandate HELO/EHLO before mail can be sent

# Forged HELOs
# HELO name is one of our own local domains, from a host we do not relay for.
deny    message     = Forged hostname detected in HELO - $sender_helo_name
        hosts       = !+relay_from_hosts
        log_message = Forged hostname detected in HELO - $sender_helo_name
        condition   = ${lookup {$sender_helo_name} \
                      lsearch{/usr/local/etc/exim/local_domains}{yes}{no}}

# HELO name is the IP address of the interface the connection arrived on.
deny    message     = Forged IP detected in HELO - $sender_helo_name
        hosts       = !+relay_from_hosts
        log_message = Forged IP detected in HELO: $sender_helo_name
        condition   = ${if \
                      eq{$sender_helo_name}{$interface_address}{yes}{no}}
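
An added example, not part of the original post: a small audit script that replays the two "Forged HELO" checks over Exim main-log lines, so you can see which past connections the deny rules would have hit before enabling them. LOCAL_IP, LOCAL_DOMAINS, RELAY_NETS and the log lines are constructed placeholders; treating letter case and the bracketed literal form ([192.0.2.10]) as matches is a choice of this example, not something the ACL above is stated to do.

```python
import ipaddress
import re

# Assumed values for illustration; substitute your own.
LOCAL_IP = "192.0.2.10"                               # stands in for $interface_address
LOCAL_DOMAINS = {"example.org", "mail.example.org"}   # stands in for the local_domains file
RELAY_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # stands in for +relay_from_hosts

# Constructed sample lines in Exim main-log style.
SAMPLE_LOG = """\
2003-09-04 00:28:01 19uAAA-0001Ab-00 <= a@spam.invalid H=(192.0.2.10) [203.0.113.5] P=smtp S=2101
2003-09-04 00:29:13 19uAAB-0001Ac-00 <= b@spam.invalid H=(EXAMPLE.ORG) [198.51.100.7] P=esmtp S=1822
2003-09-04 00:30:40 19uAAC-0001Ad-00 <= c@partner.test H=mx.partner.test (smtp01.partner.test) [198.51.100.20] P=esmtp S=990
2003-09-04 00:31:02 19uAAD-0001Ae-00 <= d@example.org H=(example.org) [192.0.2.44] P=esmtp S=512
2003-09-04 00:31:55 19uAAE-0001Af-00 <= e@spam.invalid H=([192.0.2.10]) [203.0.113.9] P=smtp S=3300
"""

# Matches "H=(helo) [ip]" and "H=verified.name (helo) [ip]".
HOST_RE = re.compile(r"H=(?:\S+ )?\((?P<helo>[^)]*)\) \[(?P<ip>[0-9a-fA-F.:]+)\]")


def classify(helo, peer_ip):
    """Return 'forged-hostname', 'forged-ip', or None for one connection."""
    # Hosts we relay for are exempt, mirroring "hosts = !+relay_from_hosts".
    if any(ipaddress.ip_address(peer_ip) in net for net in RELAY_NETS):
        return None
    name = helo.strip().rstrip(".").lower()
    if name in LOCAL_DOMAINS:
        return "forged-hostname"
    if name.strip("[]") == LOCAL_IP:
        return "forged-ip"
    return None


def audit(log_text):
    """Return (peer_ip, helo, verdict) for every line the rules would reject."""
    hits = []
    for line in log_text.splitlines():
        m = HOST_RE.search(line)
        if m:
            verdict = classify(m["helo"], m["ip"])
            if verdict:
                hits.append((m["ip"], m["helo"], verdict))
    return hits


if __name__ == "__main__":
    for ip, helo, verdict in audit(SAMPLE_LOG):
        print(f"{verdict:16} peer={ip} helo={helo}")
```

Any hit from a legitimate sender in the output is a host to add to the relay list before the deny rules go live.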