Re: [Exim] acl_smtp_helo

Author: Richard Welty
Date:  
To: exim-users
Subject: Re: [Exim] acl_smtp_helo
On Tue, 30 Mar 2004 18:01:17 +0100 Bruce Richardson <itsbruce@???> wrote:

> On Tue, Mar 30, 2004 at 09:58:13AM -0700, Aaron Dalton wrote:
> > I would like to reject certain messages based on the "received from"
> > domain. At first I tried "sender_domain" but that only verifies
> > (apparently) the "mail from:" address. I am assuming that somewhere
> > there is a variable that contains the domain that actually "helo"'d.
> > How can I access this information and ACL it? The Exim documentation
> > is pretty sparse on this particular ACL form.


> Rejecting on the helo parameter is useless, as many clients put junk in
> there. In addition, rejecting on HELO can often mean that the remote
> client, if it is an mta, repeatedly tries to resend.


so reject on HELO at RCPT TO: time.

i disagree that rejecting on HELO is useless. there are a number of
inexpensive heuristics that work pretty well on the HELO/EHLO
args:

reject hosts that claim to be me
reject hosts that HELO with my IP
reject hosts where the HELO parameter is out of conformance with the
RFCs (it must be an FQDN or an IP in [] characters.)

this simple set of rules kills a lot of spam and virus traffic with minimal
false positives.

richard
--
Richard Welty                                         rwelty@???
Averill Park Networking                                         518-573-7592
    Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
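
The three HELO/EHLO heuristics listed in the message above, written out as an added Python example; it is not from the original post and is not Exim configuration. `MY_NAMES`, `MY_IPS`, the function names and the sample arguments are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed local identity; constructed values from documentation ranges.
MY_NAMES = {"mail.example.org", "example.org"}
MY_IPS = {ipaddress.ip_address("192.0.2.25")}

LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
FQDN = re.compile(rf"(?:{LABEL}\.)+{LABEL}")  # two or more dot-separated labels


def parse_ip(text):
    """Return an ipaddress object for text, or None if it is not an IP."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def literal_ip(arg):
    """Parse a bracketed literal: [192.0.2.1] or [IPv6:2001:db8::1]."""
    if not (arg.startswith("[") and arg.endswith("]")):
        return None
    body = arg[1:-1]
    if body.lower().startswith("ipv6:"):
        ip = parse_ip(body[5:])
        return ip if ip is not None and ip.version == 6 else None
    ip = parse_ip(body)
    return ip if ip is not None and ip.version == 4 else None


def check_helo(arg):
    """Return (accept, reason) for one HELO/EHLO argument."""
    arg = arg.strip()
    bracketed, bare = literal_ip(arg), parse_ip(arg)
    ip = bracketed if bracketed is not None else bare
    if ip is not None and ip in MY_IPS:       # my IP, with or without []
        return False, "HELO with my IP"
    if arg.rstrip(".").lower() in MY_NAMES:   # case-insensitive name match
        return False, "claims to be me"
    if bracketed is not None:
        return True, "address literal"
    if bare is None and len(arg) <= 255 and FQDN.fullmatch(arg):
        return True, "FQDN"
    return False, "not an FQDN or bracketed IP"


# Constructed sample arguments, not taken from real traffic.
SAMPLES = ["mx1.example.net", "[198.51.100.7]", "192.0.2.25", "localhost"]
if __name__ == "__main__":
    for s in SAMPLES:
        print(s, check_helo(s))
```

The own-IP and own-name checks run before the syntax check, so a forged `[192.0.2.25]` is reported as an identity claim even though it is a well-formed address literal.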