Re: [Exim] forged HELO/EHLO addresses

Author: David Saez
Date:  
To: Suresh Ramasubramanian
CC: Alan J. Flavell, Exim Users Mailing List
Subject: Re: [Exim] forged HELO/EHLO addresses
Hi !!

> Helo filtering is something that, done right, gives us near zero
> collateral damage for relatively simple rules.


We have also been rejecting based on helo with almost no false
positives and now it produces about 50% of rejections, one simple
helo rule will catch lots of viruses that rewrite the infected
Windows computer name and use it as the helo:

# Forged HELO (DOMAIN.com)

drop    message       = Forged HELO not welcome, you are not $sender_helo_name
        log_message   = Forged HELO: $sender_helo_name
        condition     = ${if match \
                          {$sender_helo_name}{\N^[A-Z0-9]+\.[a-z]+$\N}{yes}{no}}

I will be pleased to see other people's helo based rules, maybe it
will be good to make some kind of rule compilation and make it
available to others.

--
Best regards ...

Don't ask me, I'm making this up as I go!

----------------------------------------------------------------
   David Saez Padros                http://www.ols.es
   On-Line Services 2000 S.L.       e-mail  david@???
   Pintor Vayreda 1                 telf    +34 902 50 29 75
   08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
----------------------------------------------------------------
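
A dry run of the HELO pattern from the message above over existing log lines, to see what the drop would have hit before enabling it. This is an added example, not part of the original post; the log lines are constructed and the `H=` field layout is an assumption about the Exim main log format.

```python
import re

# Pattern copied from the ACL condition: one label of uppercase letters or
# digits, a dot, one lowercase label (e.g. a Windows computer name + ".com").
FORGED_HELO = re.compile(r"^[A-Z0-9]+\.[a-z]+$")

# Assumed host field layouts in the main log:
#   H=host (helo) [ip]   HELO differs from the looked-up host name
#   H=(helo) [ip]        no host name was looked up
#   H=host [ip]          HELO is the same as the looked-up host name
HOST_FIELD = re.compile(
    r"\bH=(?:([^\s(\[]\S*) )?(?:\(([^)\s]*)\) )?\[([^\]]+)\]"
)

def dry_run(log_lines):
    """Return (helo, ip) for every logged connection the rule would drop."""
    hits = []
    for line in log_lines:
        m = HOST_FIELD.search(line)
        if not m:
            continue  # delivery lines and the like carry no H= field
        host, helo, ip = m.groups()
        if helo is None:
            helo = host  # "H=host [ip]": the HELO name equals the host name
        if helo and FORGED_HELO.search(helo):
            hits.append((helo, ip))
    return hits

# Constructed sample lines (documentation addresses, made-up message ids).
SAMPLE_LOG = [
    "2004-02-10 09:14:02 1AqXyZ-0001Ab-00 <= a@example.org "
    "H=(DESKTOP01.com) [192.0.2.10] P=smtp S=31822",
    "2004-02-10 09:14:05 1AqXyZ-0001Ac-00 <= b@example.org "
    "H=mail.example.org [198.51.100.7] P=esmtp S=2210",
    "2004-02-10 09:14:09 1AqXyZ-0001Ad-00 <= c@example.net "
    "H=host.example.net (LAPTOP.net) [203.0.113.5] P=smtp S=30991",
    "2004-02-10 09:14:11 1AqXyZ-0001Ae-00 <= d@example.com "
    "H=([192.0.2.44]) [192.0.2.44] P=smtp S=1500",
    "2004-02-10 09:14:15 1AqXyZ-0001Af-00 => e@example.com "
    "R=local T=local_delivery",
]

if __name__ == "__main__":
    for helo, ip in dry_run(SAMPLE_LOG):
        print(f"would drop: HELO {helo} from [{ip}]")
```

Hits whose first field is a resolved host name (as in the third sample line) are the ones to review by hand before switching the rule to `drop`.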