On Thu, 2003-12-04 at 16:07 +0100, Matthias Lewandowski wrote:
> try this:
>
> http://exim.got-there.com/forums/viewtopic.php?p=465#465

Cute. But the last part of the ACL forces a reverse-lookup even for
hosts which aren't in host_lookup and which haven't given a HELO
greeting matching anything in the helo-check list.

If we split the ${if and...} into two separate conditions, we can avoid
this:

  # Drop the connection if the reverse DNS isn't in the HELO domain
  drop log_message = HELO MISMATCH Forged HELO for ($sender_helo_name)
       message     = You are not really $sender_helo_name. Go Away.
       condition   = ${if !eq{$acl_m9}{} {1}}
       condition   = ${if !match{$sender_host_name}{${rxquote:$acl_m9}\N$\N} {1}}
       delay       = 30s

Btw, the host_lookup setting in the default configuration file might
usefully be changed from '*' to '!2002::/16'. There's no point
attempting reverse DNS on the 2002::/16 6to4 range.

--
dwmw2
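
The effect of the split conditions above can be traced with a small Python model. This is an added example, not part of the original message and not Exim code. It assumes that an earlier part of the ACL leaves $acl_m9 empty or set to the protected HELO domain, and that $sender_host_name triggers the reverse lookup the first time it is referenced; the class, function names and addresses are constructed for illustration.

```python
import re

# Constructed PTR data (documentation address ranges); stands in for DNS.
PTR_TABLE = {
    "192.0.2.10": "mail.example.com",
    "198.51.100.7": "dsl-7.isp.example.net",
}

class Connection:
    """Hypothetical stand-in for the state of one SMTP connection."""
    def __init__(self, ip, acl_m9):
        self.ip = ip
        self.acl_m9 = acl_m9        # assumed: "" or the protected HELO domain
        self.ptr_lookups = 0        # counts reverse lookups actually performed
        self._host_name = None

    @property
    def sender_host_name(self):
        # Assumption modelled here: the lookup happens on first reference only.
        if self._host_name is None:
            self.ptr_lookups += 1
            self._host_name = PTR_TABLE.get(self.ip, "")
        return self._host_name

def helo_mismatch(conn):
    """Mirror the two conditions in order; True means the drop verb fires."""
    # condition = ${if !eq{$acl_m9}{} {1}}
    if conn.acl_m9 == "":
        return False                # stops here, host name never referenced
    # condition = ${if !match{$sender_host_name}{${rxquote:$acl_m9}\N$\N} {1}}
    pattern = re.escape(conn.acl_m9) + r"$"
    return re.search(pattern, conn.sender_host_name) is None

def evaluate(ip, acl_m9):
    """Return (dropped, reverse_lookups_performed) for one connection."""
    conn = Connection(ip, acl_m9)
    return helo_mismatch(conn), conn.ptr_lookups

if __name__ == "__main__":
    cases = [
        ("HELO not in the check list", "198.51.100.7", ""),
        ("genuine HELO", "192.0.2.10", "example.com"),
        ("forged HELO", "198.51.100.7", "example.com"),
    ]
    for label, ip, acl_m9 in cases:
        dropped, lookups = evaluate(ip, acl_m9)
        print(f"{label}: dropped={dropped} reverse_lookups={lookups}")
```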