[Exim] forged HELO/EHLO addresses

Góra strony
Delete this message
Reply to this message
Autor: David Snowden
Data:  
Dla: exim-users
Temat: [Exim] forged HELO/EHLO addresses
We have a director that uses "senders =" to restrict access to
certain features based on them being in our local domain.

However, I have noticed that if a spammer uses our local domain
name in a forged HELO/EHLO command then the director is fooled into
thinking that this message has originated locally and can use this
particular facility.

What would be the best way around this?

I could try using helo_verify_hosts to block the forged HELO/EHLOs, but
I seem to recall from previous discussions on the list that that can lead
to the rejection of a lot of genuine connections from misconfigured sites
whose HELO/EHLO address doesn't match the hostname from a reverse
DNS lookup of their IP address.

I am running exim 4.20.

Have other people encountered this sort of issue, and if so, how have
you got around it.

Thanks,

Dave