Re: [Exim] ACL to block specific Hello & IP

Top Page
Delete this message
Reply to this message
Author: Scott Call
Date:  
To: exim-users
Subject: Re: [Exim] ACL to block specific Hello & IP
On Tue, 6 Apr 2004, Tor Slettnes wrote:

> You could do that; and rather than hardcoding an IP address, I would do
> the following:
>
>       deny message   = You claim to be me?  Go away!
>            condition = ${if eq {$sender_helo_name}{$interface_address} \
>                             {true}{false}}


The only problem with this is my server is behind a layer 4 switch (load
baalancer) so $interface_address is not the public address.


> But frankly, _any_ IP address in a HELO/EHLO greeting is invalid, so
> long as it is not an IP literal enclosed within square brackets:
>       EHLO [192.168.1.2]

>
>
> Thus, I would (and do):
>
>       deny message   = You greeted me with an IP address.  I want your
> name.
>            condition = ${if isip {$sender_helo_name}{true}{false}}

>


Nice. I'll have to double check my logs make sure I don't have any
boneheaded customers breaking the rfc and maybe implement that.

Thanks
-S

--
Scott Call    Router Geek, ATGi, home of $6.95 Prime Rib
I make the world a better place, I boycott Wal-Mart
VoIP incoming: +1 360-382-1814