Re: [Exim] forged HELO/EHLO addresses

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Sheldon Hearn
Datum:  
To: Tim Jackson
CC: exim-users
Betreff: Re: [Exim] forged HELO/EHLO addresses
On (2003/11/12 14:17), Sheldon Hearn wrote:

> > helo_accept_junk_hosts or helo_allow_chars
> >
> > But please don't use them indiscriminately, because not only will you get
> > more junk, you'll encourage the people with misconfigured MTAs to believe
> > that they're in the right.
>
> As usual, Exim allows you to have your cake and eat it too. :-)


Ooops, I forgot that I have two completely separate configuration files
and Exim SMTP daemon instances for the outside world and staff relay.

For those who don't do this, it's probably quite important to include
this in the preconditions for the below-quoted ACL:

    hosts = !+relay_hosts : *


Ciao,
Sheldon.

> I have this in my Exim configure file:
>
> # In main:
> acl_smtp_helo = check_helo
> helo_allow_chars = _
>
> # In acls:
> check_helo:
>   #
>   # Deny illegal helo arguments from hosts whose operators haven't
>   # contacted us and asked us to work around their problematic
>   #configurations.
>   #
>   deny  message         = syntactically invalid argument(s): $sender_helo_name
>         condition       = \
>           ${if \
>             and { \
>               { match {$sender_helo_name}{_} } \
>               { \
>                 !eq \
>                   {${lookup{${lc:$sender_helo_name}} \
>                       lsearch{/usr/local/etc/exim/broken_helo_hosts} \
>                       {yes}{no} \
>                     }} \
>                   {yes} \
>               } \
>             } \
>             {true} \
>           }
>   #
>   accept