Re: [Exim] rejecting based on HELO

Author: Suresh Ramasubramanian
Date:  
To: Billy Harvey
CC: exim-users
Subject: Re: [Exim] rejecting based on HELO
Billy Harvey [9/4/2003 12:28 AM] :

> More and more of the spam I receive is sending the HELO line with *my*
> IP address. In the Received headers this is easy enough to see and
> auto-delete, but I want to be able to reject at receipt time - that is if
> the actual IP address doesn't match the stated IP address, I want to
> reject the mail.
>
> Any guidance on this?
>
> Please cc me on any responses.
>


I posted this to exim-users quite a while back.

In acl_check_rcpt -


# Be polite and say HELO. Reject anything from hosts that haven't given
# a valid HELO/EHLO to us.
  deny condition = ${if \
    or{{!def:sender_helo_name}{eq{$sender_helo_name}{}}}{yes}{no}}
           message = RFCs mandate HELO/EHLO before mail can be sent


# Forged HELOs
  deny    message = Forged hostname detected in HELO - $sender_helo_name
          hosts   = !+relay_from_hosts
          log_message = Forged hostname detected in HELO - $sender_helo_name
          condition = ${lookup {$sender_helo_name} \
            lsearch{/usr/local/etc/exim/local_domains}{yes}{no}}


  deny message = Forged IP detected in HELO - $sender_helo_name
         hosts = !+relay_from_hosts
         log_message = Forged IP detected in HELO: $sender_helo_name
         condition = ${if \
           eq{$sender_helo_name}{$interface_address}{yes}{no}}
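
An added example, not part of the original post: a Python sketch that tallies the rejections written by the two forged-HELO rules above, keyed on their log_message text, so an admin can see which remote hosts trigger them. The sample log lines are constructed, and their layout (H=, optional HELO name in parentheses, remote IP in brackets, "rejected RCPT") is an assumption modelled on Exim 4 main log entries; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines (assumed Exim 4 main log layout, documentation IPs).
SAMPLE_LOG = """\
2003-09-04 00:28:13 H=(192.0.2.10) [203.0.113.77] F=<a@spam.example> rejected RCPT <billy@example.org>: Forged IP detected in HELO: 192.0.2.10
2003-09-04 00:29:40 H=(example.org) [203.0.113.77] F=<b@spam.example> rejected RCPT <billy@example.org>: Forged hostname detected in HELO - example.org
2003-09-04 00:31:02 H=dsl.isp.example (192.0.2.10) [198.51.100.4] F=<> rejected RCPT <root@example.org>: Forged IP detected in HELO: 192.0.2.10
2003-09-04 00:35:55 H=mail.good.example [198.51.100.9] F=<c@good.example> rejected RCPT <nobody@example.org>: Unknown user
"""

# Optional verified host name, optional "(HELO name)", then "[remote IP]".
# The tail matches only the two log_message strings used in the ACL above.
REJECT = re.compile(
    r"^\S+ \S+ H=(?:[^\s(\[]\S* )?(?:\((?P<helo>[^)]*)\) )?\[(?P<ip>[^\]]+)\]"
    r".* rejected RCPT <[^>]*>: "
    r"Forged (?P<kind>hostname|IP) detected in HELO(?: -|:) "
)

def tally_forged_helo(log_text):
    """Return (count per remote IP, count per rule) for forged-HELO rejects."""
    by_ip, by_kind = Counter(), Counter()
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if m:  # unrelated rejections (e.g. unknown user) are skipped
            by_ip[m["ip"]] += 1
            by_kind[m["kind"]] += 1
    return by_ip, by_kind

def repeat_offenders(log_text, threshold=2):
    """Remote IPs that hit the forged-HELO rules at least `threshold` times."""
    by_ip, _ = tally_forged_helo(log_text)
    return sorted(ip for ip, n in by_ip.items() if n >= threshold)

if __name__ == "__main__":
    ips, kinds = tally_forged_helo(SAMPLE_LOG)
    print(dict(ips), dict(kinds), repeat_offenders(SAMPLE_LOG))
```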