Re: [Exim] Spam blacklist

Author: Tim Jackson
Date:  
To: exim-users
Subject: Re: [Exim] Spam blacklist
Hi Konrad, on Tue, 20 Jan 2004 09:41:18 +0000 you wrote:

> So what I was wondering was whether anyone knows of any more
> comprehensive list of dynamic IP address ranges:


SORBS have one. However, before you do that, have you done any HELO
checks? There have been many examples posted here but a couple which I've
found are quite effective (especially against the stuff coming from DSL
lines) and "cheap" to do are:

# Forged hostname - HELOs as my own hostname or domain
deny   message        = Forged hostname detected in HELO: $sender_helo_name
       hosts          = !+relay_from_hosts
       !authenticated = *
       condition      = ${lookup {$sender_helo_name} \
                          lsearch{/etc/exim/blocked_helos}{yes}{no}}



where /etc/exim/blocked_helos contains a list of hostnames associated with
my server. (i.e. any hostnames which have an A to its IP address and are
used in MX records)

also:

# Forged hostname - HELOs as one of my own IPs
deny   message        = Forged IP detected in HELO: $sender_helo_name
       hosts          = !+relay_from_hosts
       !authenticated = *
       condition      = ${if \
                          eq{$sender_helo_name}{$interface_address}{yes}{no}}



I take no credit (or blame ;) for these; they came from this list
originally. They've been working well for me though.


Tim
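
A dry run of the two rules above over a mail log, to see what they would have rejected before they are switched on. This is an added example and not part of the original post; it assumes the "H=... [ip]" and "A=" fields of Exim main-log "<=" arrival lines, and every hostname, address and log line in it is constructed.

```python
import ipaddress
import re

# Constructed values (assumptions, not from the post).
BLOCKED_HELOS = {"mail.example.org", "example.org"}  # keys of /etc/exim/blocked_helos
INTERFACE_ADDRESS = "192.0.2.25"                      # stands in for $interface_address
RELAY_FROM_HOSTS = [ipaddress.ip_network("192.0.2.0/28")]

# Host part of an arrival line: "H=(helo) [ip]", "H=name (helo) [ip]" or "H=name [ip]".
HOST = re.compile(r" H=(?:(?P<name>[^\s(\[]+) )?(?:\((?P<helo>[^)]*)\) )?"
                  r"\[(?P<ip>[0-9A-Fa-f.:]+)\]")

# Constructed log lines in the shape of Exim main-log "<=" entries.
SAMPLE_LOG = """\
2004-01-20 09:41:18 1AixYZ-0001ab-00 <= a@example.net H=(mail.example.org) [198.51.100.7] P=smtp S=2048
2004-01-20 09:42:01 1AixYa-0001ac-00 <= b@example.net H=(192.0.2.25) [203.0.113.9] P=esmtp S=1500
2004-01-20 09:43:10 1AixYb-0001ad-00 <= c@example.org H=(mail.example.org) [192.0.2.3] P=esmtp S=900
2004-01-20 09:44:00 1AixYc-0001ae-00 <= d@example.org H=(example.org) [198.51.100.20] P=esmtpa A=plain:d S=700
2004-01-20 09:45:30 1AixYd-0001af-00 <= e@example.com H=mx.example.com (MX.example.com) [198.51.100.30] P=esmtp S=1200
""".splitlines()

def dry_run(line):
    """Return (client IP, HELO, reason) if the two deny rules would fire, else None."""
    m = HOST.search(line)
    if " <= " not in line or not m:
        return None                                   # not an SMTP arrival line
    # With no "(helo)" part logged, the HELO name equals the logged host name.
    helo = m.group("helo") or m.group("name") or ""
    ip = ipaddress.ip_address(m.group("ip"))
    if any(ip in net for net in RELAY_FROM_HOSTS):
        return None                                   # hosts = !+relay_from_hosts
    if re.search(r" A=\S+", line):
        return None                                   # !authenticated = *
    if helo.lower() in BLOCKED_HELOS:                 # lsearch keys match caselessly
        return (str(ip), helo, "forged hostname")
    if helo == INTERFACE_ADDRESS:                     # eq{} is an exact string match
        return (str(ip), helo, "forged IP")
    return None

def report(lines):
    """Collect every arrival in the log that the rules would have denied."""
    return [hit for hit in map(dry_run, lines) if hit]

if __name__ == "__main__":
    for ip, helo, reason in report(SAMPLE_LOG):
        print(f"{ip:<16} HELO {helo:<20} {reason}")
```

Any hit from a host that should be allowed to relay or that normally authenticates points to a gap in relay_from_hosts or the blocked_helos file, which is worth fixing before the deny rules go live.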