[Exim] forged HELO/EHLO addresses

Page principale
Supprimer ce message
Répondre à ce message
Auteur: David Snowden
Date:  
À: exim-users
Sujet: [Exim] forged HELO/EHLO addresses
We have a director that uses "senders =" to restrict access to
certain features based on them being in our local domain.

However, I have noticed that if a spammer uses our local domain
name in a forged HELO/EHLO command then the director is fooled into
thinking that this message has originated locally and can use this
particular facility.

What would be the best way around this?

I could try using helo_verify_hosts to block the forged HELO/EHLOs, but
I seem to recall from previous discussions on the list that that can lead
to the rejection of a lot of genuine connections from misconfigured sites
whose HELO/EHLO address doesn't match the hostname from a reverse
DNS lookup of their IP address.

I am running exim 4.20.

Have other people encountered this sort of issue, and if so, how have
you got around it.

Thanks,

Dave