On Tue, 6 Apr 2004, Christoph Kliemt wrote:
> Something like this (acl_smtp_mail) ?
>
> deny condition = ${if or { {!def:sender_helo_name} { eq {$sender_helo_name}{} }}{true}{false}}
> message = Polite people say HELO/EHLO first.
> deny condition = ${if eq {$sender_helo_name} {$primary_hostname}{true}{false}}
> message = You claim to be me? Go Away!
>
This is a great idea. I'd seen this kind of pattern for a while but the
solution was obvious (which is, of course a false statement on my part, if
it was obvous I'd've thought it up)
Something I did notice when checking logs, however, is that I get a order
of 100x more "HELO x.x.x.x" instead of "HELO primary_hostname" in my logs
(28000 vs 244 for yesterday for example) so I also added:
deny condition = ${if eq {$sender_helo_name}
{x.x.x.x}{true}{false}}
message = You claim to be me? Go Away!
where x.x.x.x is the public IP of the server. Most of the IPs using this
method were already listed in the various DNSBLs, but a DNS query saved...
Thanks again for the idea.
-S
--
Scott Call Router Geek, ATGi, home of $6.95 Prime Rib
I make the world a better place, I boycott Wal-Mart
VoIP incoming: +1 360-382-1814