[Exim] Verifying and requiring HELO.

Top Pagina
Delete this message
Reply to this message
Auteur: David Woodhouse
Datum:  
Aan: exim-users
Onderwerp: [Exim] Verifying and requiring HELO.
I have the following ACLs for acl_smtp_helo and acl_smtp_mail
respectively:

check_helo:
  deny condition = ${if match{$sender_helo_name}{^.*_}{1}{0}}
       message = Connection rejected. Underscores in HELO are not permitted by RFC2821.\nFix your broken mail server and try again.
  accept
#!!# ACL that is used after the RCPT command


check_sender:
  deny condition = ${if !def:sender_helo_name {1}{0}}
       message = You must identify yourself with HELO or EHLO before sending mail.
  accept


The first is because I want to give a slightly more helpful message when
presented with an underscore in a hostname, and the second is because
RFC2821 says (in §4.1.4) "A session that will contain mail transactions
MUST first be initialized by use of the EHLO command."

However, I find that my server now accepts "HELO _\nMAIL FROM:<>".
Although the HELO ACL fails, $sender_helo_name still remains set.

Obviously I can just check for the bogus underscore again in the MAIL
ACL too, but is there a way for me to clear $sender_helo_name, and
shouldn't that have happened automatically when the HELO ACL returned
'deny'?

--
dwmw2