Hi Konrad, on Tue, 20 Jan 2004 09:41:18 +0000 you wrote:
> So what I was wondering was whether anyone knows of any more
> comprehensive list of dynamic IP address ranges:
SORBS have one. However, before you do that, have you done any HELO
checks? There have been many examples posted here but a couple which I've
found are quite effective (especially against the stuff coming from DSL
lines) and "cheap" to do are:

    # Forged hostname - HELOs as my own hostname or domain
    deny  message        = Forged hostname detected in HELO:$sender_helo_name
          hosts          = !+relay_from_hosts
          !authenticated = *
          condition      = ${lookup {$sender_helo_name} \
                             lsearch{/etc/exim/blocked_helos}{yes}{no}}

where /etc/exim/blocked_helos contains a list of hostnames associated with
my server. (i.e. any hostnames which have an A to its IP address and are
used in MX records)
also:

    # Forged hostname - HELOs as one of my own IPs
    deny  message        = Forged IP detected in HELO: $sender_helo_name
          hosts          = !+relay_from_hosts
          !authenticated = *
          condition      = ${if \
                             eq{$sender_helo_name}{$interface_address}{yes}{no}}

I take no credit (or blame ;) for these; they came from this list
originally. They've been working well for me though.
Tim
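
The following Python model of the two HELO rules in the message above is an added illustration, not part of the original post and not Exim code. It shows which HELO values each rule would reject and who is exempted. The hostnames, the IP address, and the names `lsearch`, `helo_verdict` and `run_samples` are constructed for the example, and the lsearch model is simplified (no quoted keys).

```python
import re

# Constructed stand-in for /etc/exim/blocked_helos (placeholder names).
BLOCKED_HELOS = """\
# names with an A record pointing at this server
mail.example.org
example.org
"""

def lsearch(text, key):
    """Simplified lsearch: linear scan; the key ends at a colon, whitespace
    or end of line and is compared case-insensitively."""
    for line in text.splitlines():
        if not line.strip() or line[0] == "#" or line[0].isspace():
            continue  # blank line, comment, or continuation of previous entry
        m = re.match(r"[^\s:]+", line)
        if m and m.group(0).lower() == key.lower():
            return True
    return False

def helo_verdict(helo, interface_address, relay_host=False, authenticated=False):
    """Return which of the two deny rules (if any) fires for this connection."""
    # hosts = !+relay_from_hosts and !authenticated = * exempt trusted clients
    if relay_host or authenticated:
        return "no match"
    if lsearch(BLOCKED_HELOS, helo):
        return "deny: forged hostname"
    # eq{} is an exact string comparison, so only the bare IP form matches
    if helo == interface_address:
        return "deny: forged IP"
    return "no match"

SERVER_IP = "192.0.2.25"  # constructed value for $interface_address
SAMPLES = [  # constructed (HELO argument, authenticated) pairs
    ("MAIL.EXAMPLE.ORG", False),
    ("192.0.2.25", False),
    ("[192.0.2.25]", False),  # bracketed literal is a different string
    ("dsl-203-0-113-7.isp.example", False),
    ("example.org", True),    # authenticated client using the server's domain
]

def run_samples():
    return [helo_verdict(h, SERVER_IP, authenticated=a) for h, a in SAMPLES]

if __name__ == "__main__":
    for (helo, _), verdict in zip(SAMPLES, run_samples()):
        print(f"{helo:30} {verdict}")
```
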