[Exim] acl_smtp_helo question

Página Inicial
Delete this message
Reply to this message
Autor: Kyle Dippery
Data:  
Para: Exim Mailing List
Assunto: [Exim] acl_smtp_helo question
So I was poking at acl_smtp_helo today, and had the usual checks
set up: deny if the caller identifies itself as me by IP,
hostname, or domain. In practice, it's all working fine -
there's a slew of "rejected EHLO or HELO" lines in the log file,
frequently (but not always) followed by "unexpected disconnection
while reading SMTP command".

But at one point I telnetted to my server to test it, and
noticed that if I ignored the "Bad HELO:" message and proceeded
on to "MAIL FROM:", I was able to complete my message normally.

Is this supposed to happen? Or am I mis-understanding something?
I'd kind of expect that when an invalid HELO is given, that exim
wouldn't accept any more mail commands until a valid one was
presented, but I'm ignorant and there may be reasons why that's
not the case.

Again, it seems to be working fine in normal operation, but the
telnet session had me wondering...

The relevant config lines:

acl_check_helo:

  deny hosts = !+relay_from_hosts
       condition = ${if eq{$sender_helo_name} \
                          {<my IP>} \
                     {yes}{no}}
       log_message = Bad HELO: says hes me
       message = Bad HELO: Dont use my IP as your HELO. \
                 Contact postmaster@<my domain> with complaints.



And the telnet session output:

system1:~> telnet <system2> 25
Trying <system2's IP>...
Connected to <system2>
Escape character is '^]'.
220 <system2> ESMTP Exim 4.30 Wed, 17 Mar 2004 09:11:37 -0500
HELO <system2's IP2>
550-Bad HELO: Dont use my IP as your HELO. Contact postmaster@<my.domain> with
550 complaints.
MAIL FROM: <me@system1>
250 OK
RCPT TO: <me@system2>
250 Accepted
DATA
354 Enter message, ending with "." on a line by itself
yo yo.
.
250 OK id=1B3bmI-000CS6-Dk
quit


(And, just in case y'all are wondering, it's the "Contact
postmaster" bit that I was working on this morning. I was
wondering if it's possible to accept particular addresses in the
HELO acl, and decided just to move the checks back to the RCPT
acl, instead...)

Thanks,
Kyle
--
Kyle Dippery
Engineering Computing Services        Phone: (859) 257-1346
280 Anderson Hall                   Fax:   (859) 323-3848
University of Kentucky
Lexington, KY  40506-0046