Re: [Exim] forged HELO/EHLO addresses

Top Page
Delete this message
Reply to this message
Author: Sheldon Hearn
Date:  
To: Tim Jackson
CC: exim-users
Subject: Re: [Exim] forged HELO/EHLO addresses
On (2003/11/12 14:17), Sheldon Hearn wrote:

> > helo_accept_junk_hosts or helo_allow_chars
> >
> > But please don't use them indiscriminately, because not only will you get
> > more junk, you'll encourage the people with misconfigured MTAs to believe
> > that they're in the right.
>
> As usual, Exim allows you to have your cake and eat it too. :-)


Ooops, I forgot that I have two completely separate configuration files
and Exim SMTP daemon instances for the outside world and staff relay.

For those who don't do this, it's probably quite important to include
this in the preconditions for the below-quoted ACL:

    hosts = !+relay_hosts : *


Ciao,
Sheldon.

> I have this in my Exim configure file:
>
> # In main:
> acl_smtp_helo = check_helo
> helo_allow_chars = _
>
> # In acls:
> check_helo:
>   #
>   # Deny illegal helo arguments from hosts whose operators haven't
>   # contacted us and asked us to work around their problematic
>   #configurations.
>   #
>   deny  message         = syntactically invalid argument(s): $sender_helo_name
>         condition       = \
>           ${if \
>             and { \
>               { match {$sender_helo_name}{_} } \
>               { \
>                 !eq \
>                   {${lookup{${lc:$sender_helo_name}} \
>                       lsearch{/usr/local/etc/exim/broken_helo_hosts} \
>                       {yes}{no} \
>                     }} \
>                   {yes} \
>               } \
>             } \
>             {true} \
>           }
>   #
>   accept