Re: [Exim] exim fine-tuning

Author: Alan J. Flavell
Date:  
To: Exim users list
Subject: Re: [Exim] exim fine-tuning
On Mon, 19 Apr 2004, Nigel Metheringham wrote:

> On Mon, 2004-04-19 at 10:39, Alan J. Flavell wrote:
> > 1) HELO domain matches one of our own domains
>
> > Cases 1 and 2 are surprisingly widespread, considering that they
> > appear to be a sure-fire indicator of abuse. It's a puzzle to me just
> > why abusers would make themselves so obvious: what do they hope to
> > gain from it? Is there -any- mailer where either of these options
> > yields some positive benefit?
>
> I've noticed that Thunderbird (separate MUA component from Mozilla) will
> HELO with the domain part of the sending email account address. Now
> this should only be talking to its local MTA/MSA. However it may be
> worth being careful with this test - i.e. hold the reject to the MAIL
> FROM: ACL and make that conditional on it not being authenticated...


OK, I omitted to say it in so many words, but from the fact that I
said we still accept mail to the postmaster or abuse addresses, you
could deduce that we don't reject on these HELO patterns until we get
to the RCPT ACL.

And I can confirm that senders who are allowed to relay (because they
are local, or because they authenticated as one of our users) don't
have these restrictions applied to them.

Thanks for prompting the clarification.
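
The policy described in this message, sketched as an Exim 4 configuration fragment (an added example, not part of the original post and not the poster's actual configuration): the HELO test is evaluated only in the RCPT ACL, and relay-permitted hosts, authenticated senders and mail to postmaster or abuse are exempt. The names `local_domains`, `relay_from_hosts` and `acl_check_rcpt` are assumptions borrowed from Exim's stock configuration, the list values are placeholders, and the `match_domain` condition assumes an Exim version that provides it.

```exim
# Added illustration only; list values are placeholders for the site's own.
domainlist local_domains    = @
hostlist   relay_from_hosts = 127.0.0.1

# No HELO-time ACL does the rejecting: the decision waits until RCPT,
# when the recipient and the authentication state are both known.
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # Refuse a client whose HELO/EHLO name is one of our own domains, unless
  #   - it is a local host that is allowed to relay, or
  #   - it authenticated as one of our users, or
  #   - the recipient is postmaster or abuse (still accepted).
  deny    message        = HELO/EHLO name $sender_helo_name is one of our own domains
          !hosts         = +relay_from_hosts
          !authenticated = *
          !local_parts   = postmaster : abuse
          condition      = ${if match_domain{$sender_helo_name}{+local_domains}}

  # Minimal remainder so the ACL is complete; a real site has more checks here.
  accept  domains        = +local_domains
  accept  hosts          = +relay_from_hosts
  accept  authenticated  = *
  deny    message        = relay not permitted
```

Because the deny carries its exemptions as negated conditions, a Thunderbird-style client that uses its own mail domain as the HELO name is unaffected as long as it submits from a relay-permitted host or authenticates first.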