Re: [Exim] forged HELO/EHLO addresses

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Sheldon Hearn
Dátum:  
Címzett: Tim Jackson
CC: exim-users
Tárgy: Re: [Exim] forged HELO/EHLO addresses
On (2003/11/12 14:17), Sheldon Hearn wrote:

> > helo_accept_junk_hosts or helo_allow_chars
> >
> > But please don't use them indiscriminately, because not only will you get
> > more junk, you'll encourage the people with misconfigured MTAs to believe
> > that they're in the right.
>
> As usual, Exim allows you to have your cake and eat it too. :-)


Ooops, I forgot that I have two completely separate configuration files
and Exim SMTP daemon instances for the outside world and staff relay.

For those who don't do this, it's probably quite important to include
this in the preconditions for the below-quoted ACL:

    hosts = !+relay_hosts : *


Ciao,
Sheldon.

> I have this in my Exim configure file:
>
> # In main:
> acl_smtp_helo = check_helo
> helo_allow_chars = _
>
> # In acls:
> check_helo:
>   #
>   # Deny illegal helo arguments from hosts whose operators haven't
>   # contacted us and asked us to work around their problematic
>   #configurations.
>   #
>   deny  message         = syntactically invalid argument(s): $sender_helo_name
>         condition       = \
>           ${if \
>             and { \
>               { match {$sender_helo_name}{_} } \
>               { \
>                 !eq \
>                   {${lookup{${lc:$sender_helo_name}} \
>                       lsearch{/usr/local/etc/exim/broken_helo_hosts} \
>                       {yes}{no} \
>                     }} \
>                   {yes} \
>               } \
>             } \
>             {true} \
>           }
>   #
>   accept