James P. Roberts <punster@???> wrote:
> Greetings,
>
> Is it possible to enforce the HELO/EHLO syntax check at RCPT time
> instead of HELO time? My logs are starting to fill up with junk from
> syntactically invalid hosts (yes those stupid underscores), that keep
> retrying many, many times.
>
> I do not wish to accept from these hosts. I just want to give them a
> 5xx at RCPT time so they will (hopefully) stop retrying.
>
> I probably just need more coffee. Any suggestions?
Sure - use helo_accept_junk_hosts or helo_accept_chars to prevent exim from
rejecting them at HELO time, then write a condition which inspects
$sender_helo_name and use it in your acl-smt-rcpt acl.
This one, for example, rejects recipients who HELOd with our IP address :
deny message = Forged IP detected in HELO: $sender_helo_name
hosts = !+relay_from_hosts
log_message = HELOd with our IP: $sender_helo_name
condition = ${if \
eq{$sender_helo_name}{$interface_address}{yes}{no}}
Maybe you want
condition = $if { match { $sender_helo_name} {*_*} {yes}{no}}
to find HELO names with underscores.
(untested)
There isn't (AFAIK) a generic test for a legal helo name - you need to roll
your own.
Peter