Re: AW: [Exim] yahoo.com makes callout senderverify unusable…

Top Page
Delete this message
Reply to this message
Author: David Woodhouse
Date:  
To: Matthias Lewandowski
CC: 'Richard Welty', exim-users
Subject: Re: AW: [Exim] yahoo.com makes callout senderverify unusable!?
On Thu, 2003-12-04 at 16:07 +0100, Matthias Lewandowski wrote:
> try this:
>
> http://exim.got-there.com/forums/viewtopic.php?p=465#465


Cute. But the last part of the ACL forces a reverse-lookup even for
hosts which aren't in host_lookup and which haven't given a HELO
greeting matching anything in the helo-check list.

If we split the ${if and...} into two separate conditions, we can avoid
this:

  # Drop the connection if the reverse DNS isn't in the HELO domain
  drop  log_message = HELO MISMATCH Forged HELO for ($sender_helo_name)
      message = You are not really $sender_helo_name. Go Away.
      condition = ${if !eq{$acl_m9}{} {1}}
      condition = ${if !match{$sender_host_name}{${rxquote:$acl_m9}\N$\N} {1}}
      delay = 30s


Btw, the host_lookup setting in the default configuration file might
usefully be changed from '*' to '!2002::/16'. There's no point
attempting reverse DNS on the 2002::/16 6to4 range.

--
dwmw2