[Exim] forged HELO/EHLO addresses

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: David Snowden
Dátum:  
Címzett: exim-users
Tárgy: [Exim] forged HELO/EHLO addresses
We have a director that uses "senders =" to restrict access to
certain features based on them being in our local domain.

However, I have noticed that if a spammer uses our local domain
name in a forged HELO/EHLO command then the director is fooled into
thinking that this message has originated locally and can use this
particular facility.

What would be the best way around this?

I could try using helo_verify_hosts to block the forged HELO/EHLOs, but
I seem to recall from previous discussions on the list that that can lead
to the rejection of a lot of genuine connections from misconfigured sites
whose HELO/EHLO address doesn't match the hostname from a reverse
DNS lookup of their IP address.

I am running exim 4.20.

Have other people encountered this sort of issue, and if so, how have
you got around it.

Thanks,

Dave