Re: [Exim] rejecting based on HELO

Author: James P. Roberts
Date:  
To: Wakko Warner, Billy Harvey
CC: exim-users
Subject: Re: [Exim] rejecting based on HELO
----- Original Message -----
From: "Wakko Warner" <wakko@???>
To: "Billy Harvey" <Billy.Harvey@???>
Cc: <exim-users@???>
Sent: Wednesday, September 03, 2003 6:19 PM
Subject: Re: [Exim] rejecting based on HELO


> > More and more of the spam I receive is sending the HELO line with *my*
> > IP address. In the Received headers this is easy enough to see and
> > auto-delete, but I want to be able to reject at receipt time - that is if
> > the actual IP address doesn't match the stated IP address, I want to
> > reject the mail.
> >
> > Any guidance on this?
>
> I use this:
> drop  message     = You may not use an HELO of this system's IP address
>       log_message = HELO of this system's IP
>       condition   = ${if eq{$sender_helo_name}{216.98.75.249} \
>                          {yes}{no} \
>                     }
>
> Of course, replace the IP with your IP or $interface_address (I think that's
> right). This machine is behind a firewall so I have to use an IP.
>
> I have this in my HELO acl. Thus far, anyone tripping on it doesn't come
> back seconds/minutes later. But if they do, they get DROPped on the floor
> by iptables.
>


Wakko,

Could you share how you get Exim to cause an IP to be added to your iptables
blacklist? I imagine it's really obvious (to someone who has already done
it). ;) I am guessing you trigger an external script that adds the offending
IP to an iptables rule? Details (example?) would be appreciated, if possible.

Thanks,
Jim Roberts
Punster Productions, Inc.
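
One way a firewall blocklist could be fed from the ACL quoted above, as an added example that is not from the thread and not Wakko's own method (the thread does not describe it): a log scan that counts peers tripping the `log_message`. The log line layout, the sample lines, the threshold and the names `repeat_offenders` and `never_block` are assumptions. The HELO string is sender-controlled, so only the bracketed peer address is used, and it is validated before anything else consumes it.

```python
import ipaddress
import re
from collections import Counter

LOG_MESSAGE = "HELO of this system's IP"  # log_message from the quoted ACL
OWN_IP = "216.98.75.249"                  # address used in the quoted ACL

# Assumed layout: "<date> <time> H=(<helo>) [<peer>] ...: <log_message>"
# The greedy ".*" anchors on the LAST ") [" so a HELO containing brackets
# cannot stand in for the peer address.
PEER_RE = re.compile(
    r"H=.*\) \[([0-9A-Fa-f:.]+)\](?::\d+)? .*" + re.escape(LOG_MESSAGE) + r"$"
)

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE_LOG = [
    "2003-09-03 18:19:02 H=(216.98.75.249) [203.0.113.7] rejected EHLO or HELO 216.98.75.249: HELO of this system's IP",
    "2003-09-03 18:19:40 H=(216.98.75.249) [203.0.113.7] rejected EHLO or HELO 216.98.75.249: HELO of this system's IP",
    "2003-09-03 18:25:11 H=(216.98.75.249) [198.51.100.23] rejected EHLO or HELO 216.98.75.249: HELO of this system's IP",
    "2003-09-03 18:30:00 H=(216.98.75.249) [127.0.0.1] rejected EHLO or HELO 216.98.75.249: HELO of this system's IP",
    "2003-09-03 18:31:00 H=(mail.example.org) [192.0.2.9] rejected RCPT <x@example.com>: relay not permitted",
]

def repeat_offenders(lines, threshold=2,
                     never_block=(OWN_IP + "/32", "127.0.0.0/8")):
    """Return {peer_ip: hits} for peers that tripped the ACL >= threshold times."""
    protected = [ipaddress.ip_network(n) for n in never_block]
    hits = Counter()
    for line in lines:
        m = PEER_RE.search(line.rstrip("\n"))
        if not m:
            continue                      # different rejection or other log line
        try:
            peer = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue                      # not a valid address: never pass it on
        if any(peer in net for net in protected):
            continue                      # never block ourselves or loopback
        hits[str(peer)] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    for ip, n in repeat_offenders(SAMPLE_LOG).items():
        print(ip, n)                      # candidates for a firewall drop rule
```

The returned addresses are already parsed by `ipaddress`, so they can be handed to a firewall tool as arguments without carrying any raw log text with them.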