Re: [Exim] HELO syntax check at RCPT

Pàgina inicial
Delete this message
Reply to this message
Autor: Richard.Hall
Data:  
A: exim-users
Assumpte: Re: [Exim] HELO syntax check at RCPT
James,

On Sat, 3 Apr 2004, James P. Roberts wrote:

> Greetings,
>
> Is it possible to enforce the HELO/EHLO syntax check at RCPT time instead of
> HELO time? My logs are starting to fill up with junk from syntactically
> invalid hosts (yes those stupid underscores), that keep retrying many, many
> times.
>
> I do not wish to accept from these hosts. I just want to give them a 5xx at
> RCPT time so they will (hopefully) stop retrying.
>
> I probably just need more coffee. Any suggestions?


If you can't find anything stronger, Nescafe Gold Blend is a reasonable
substitute.

The particular case of underscores has cropped up many times here before.
I have the following in my config, derived from those contributions:-

# Many broken Exchange servers use '_' in the HELO data. If we reject at HELO
# time, they very often fail to deal with the problem; plus they cannot mail
# postmaster here (yippee!) to discuss the problem. So rather than using
# acl_smtp_helo, we allow it through the HELO by specifying

helo_allow_chars = _

# and then check it later, in acl_smtp_rcpt, _after_ we have got past the
# postmaster exception.

... and later, in the RCPT ACL ...

# This one is a composite from several suggestions

  deny message       = Rejected because of unacceptable syntax in \
                       HELO/EHLO name:\n\
                       $sender_helo_name\n\
                       This is commonly associated with misconfigured mail \
                       software;\n\
                       see RFC2821 section 4.1.2 for legal domain syntax.\n\
                       For assistance please contact postmaster@$domain
       log_message   = invalid HELO syntax $sender_helo_name
       ####condition     = ${if match {$sender_helo_name} {_} {1} {0}}
       condition     = ${if and { \
                          { match {$sender_helo_name} {_} } \
                          { eq {${lookup {$sender_helo_name} \
                                         lsearch {SPAMDIR/HELO-except-hosts} \
                                         {Y} {N} }} \
                               {N} } \
                                } \
                            {yes} {no} }



(Sorry about the layout!)


I haven't found it necessary (yet) myself, but I guess if you needed to do
other checks at HELO time, eg because the necessary info isn't available
at RCPT time, you could save the result in a $acl_mN variable, and then
test that at RCPT time. Hopefully the mechanism is fairly obvious.

>
> Regards,
> Jim Roberts
> Punster Productions, Inc.


HTH,
Richard Hall