Re: [Exim] blocking fake yahoo and hotmail

Author: Kevin Reed
Date:  
To: exim-users
Subject: Re: [Exim] blocking fake yahoo and hotmail
Alan J. Flavell said:
> On Sat, 29 Nov 2003, Kevin Reed wrote:
>
>> Marc Haber said:
>> > On Fri, 21 Nov 2003 06:29:36 -0500, Suresh Ramasubramanian
>> > <linux@???> wrote:
>> >>If HELO yahoo.com comes from an IP with non yahoo rDNS, DENY - don't
>> >>waste time deferring it.
>> >
>> > Nice idea. Do you have that recipe in acl syntax for a cookbook?
>>
>> There is a sample of it on the forum.
>>
>> http://exim.got-there.com/forums/viewtopic.php?p=465#465
>
> That looks handy, thanks. However, note that the recipe contains just
> yahoo.com, but we get quite a number of spammers HELO'ing with
> yahoo.fr, yahoo.ca, yahoo.co.uk (possibly others too). I'm not sure
> what host names would show up if there was ever a genuine offer from
> one of those - all the entries that I can see in the log appear to be
> abusive.


The idea was that you can now add as many other domains as you want to the
file and it will work without changing the configuration file.

I've already added yahoo.ca and yahoo.co.uk to my real one. I've also added
ones that would never be valid like:

atd-clan.de
9bit.qc.ca
weblnk.net
online-bill.com
notmydesk.com

As it has the same effect.

> Could we reject outright on those HELOs, I wonder?
>
> Genuine calls from yahoo hosts seem to present the host name (random
> example: n26.grp.scd.yahoo.com) in the HELO. Hotmail is the opposite:
> many different host names (random example: law11-f54.law11.hotmail.com)
> consistently presenting just "hotmail.com" in the HELO.


The ACL will accept a hotmail.com only in the helo as long as the rightmost
portion of the domain from the rDNS matches it.

So, helo of "hotmail.com" will match law11-f54.law11.hotmail.com

--
Kevin W. Reed - TNET Services, Inc.
Unoffical Exim MTA Info Forums - http://exim.got-there.com/forums
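
The matching rule discussed in this message, sketched in Python as an added example (it is not the forum recipe and not Exim ACL syntax). It goes one step beyond the message by also treating a HELO that is a host name under a listed domain as a claim on that domain. Assumptions: the function names and the sample domain file are made up for illustration, and the rDNS name passed in has already been forward-confirmed.

```python
# Added illustration, not Exim code: does the reverse DNS of the connecting
# host back up a HELO name that claims one of the listed domains?

# Constructed sample of the domain file (names taken from the thread).
SAMPLE_DOMAIN_FILE = """\
# one domain per line
yahoo.com
yahoo.ca
yahoo.co.uk
hotmail.com
notmydesk.com   # never a valid HELO, so it is always refused
"""

def load_domains(text):
    """Parse the domain file: one domain per line, '#' starts a comment."""
    domains = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip().lower().rstrip(".")
        if entry:
            domains.add(entry)
    return domains

def _under(name, domain):
    """True if name is the domain itself or a host below it.
    Matching on a label boundary keeps 'nothotmail.com' out of 'hotmail.com'."""
    return name == domain or name.endswith("." + domain)

def helo_verdict(helo, rdns, domains):
    """Return 'accept' or 'deny'. rdns is None or '' when the host has no
    usable (forward-confirmed) reverse DNS name."""
    helo = helo.strip().lower().rstrip(".")
    rdns = (rdns or "").strip().lower().rstrip(".")
    claimed = [d for d in domains if _under(helo, d)]
    if not claimed:
        return "accept"          # HELO does not claim a listed domain
    if rdns and any(_under(rdns, d) for d in claimed):
        return "accept"          # rightmost part of the rDNS matches the claim
    return "deny"                # listed domain claimed, rDNS says otherwise

if __name__ == "__main__":
    doms = load_domains(SAMPLE_DOMAIN_FILE)
    for helo, rdns in [("hotmail.com", "law11-f54.law11.hotmail.com"),
                       ("yahoo.com", "dsl-1-2-3-4.example.net"),
                       ("yahoo.co.uk", None)]:
        print(helo, rdns, helo_verdict(helo, rdns, doms))
```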