[Exim] forged HELO/EHLO addresses

Author: David Snowden
Date:  
To: exim-users
Subject: [Exim] forged HELO/EHLO addresses
We have a director that uses "senders =" to restrict access to
certain features based on them being in our local domain.

However, I have noticed that if a spammer uses our local domain
name in a forged HELO/EHLO command then the director is fooled into
thinking that this message has originated locally and can use this
particular facility.

What would be the best way around this?

I could try using helo_verify_hosts to block the forged HELO/EHLOs, but
I seem to recall from previous discussions on the list that that can lead
to the rejection of a lot of genuine connections from misconfigured sites
whose HELO/EHLO address doesn't match the hostname from a reverse
DNS lookup of their IP address.

I am running exim 4.20.

Have other people encountered this sort of issue, and if so, how have
you got around it?

Thanks,

Dave
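An added Exim 4 configuration fragment (not from the original post or the Exim project) showing two defensive checks for the situation described: gating the router on where the message actually arrived from rather than on a domain the client can put in HELO/EHLO, and rejecting HELO/EHLO names that claim one of the local domains from untrusted hosts. The list names `local_domains` and `relay_from_hosts`, the router and transport names, and the availability of the `match_domain` expansion condition in the running version are assumptions.

```conf
# --- main section (assumed lists; adjust to your own site) ---
domainlist local_domains    = example.com : @
hostlist   relay_from_hosts = 127.0.0.1 : 192.168.1.0/24

acl_smtp_helo = acl_check_helo

begin acl

acl_check_helo:
  # Deny when a client that did NOT connect from a trusted host presents
  # one of our own domains in HELO/EHLO. Unlike helo_verify_hosts this does
  # not require the HELO name to match the reverse DNS of the client, so
  # misconfigured but genuine remote sites are not rejected.
  deny    message   = HELO/EHLO name $sender_helo_name is a local domain
          !hosts    = +relay_from_hosts
          condition = ${if match_domain{$sender_helo_name}{+local_domains}{yes}{no}}

  accept

begin routers

# Router for the restricted facility. "senders" alone only looks at the
# envelope sender, which a remote client can forge, so it is combined with
# a check on the origin of the message: $sender_host_address is empty for
# locally submitted messages and holds the client IP for SMTP messages,
# and nothing the client sends in HELO/EHLO can alter it.
local_special:
  driver    = accept                      # placeholder; keep your own driver
  senders   = *@+local_domains
  condition = ${if eq{$sender_host_address}{}{yes}{no}}
  transport = special_transport           # assumed transport name
  no_more
```

If trusted SMTP clients on your own network also need the facility, extend the router's `condition` with a host-list test on `$sender_host_address` in the same way the ACL uses `+relay_from_hosts`, rather than widening `senders`.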