Autor: Alan J. Flavell Data: Dla: Exim users list Temat: Re: [Exim] exim fine-tuning
On Mon, 19 Apr 2004, Nigel Metheringham wrote:
> On Mon, 2004-04-19 at 10:39, Alan J. Flavell wrote:
> > 1) HELO domain matches one of our own domains
>
> > Cases 1 and 2 are surprisingly widespread, considering that they
> > appear to be a sure-fire indicator of abuse. It's a puzzle to me just
> > why abusers would make themselves so obvious: what do they hope to
> > gain from it? Is there -any- mailer where either of these options
> > yield some positive benefit?
>
> I've noticed that Thunderbird (separate MUA component from Mozilla) will
> HELO with the domain part of the sending email account address. Now
> this should only be talking to its local MTA/MSA. However it may be
> worth being careful with this test - ie hold the reject to the MAIL
> FROM: ACL and make that conditional on it not being authenticated...
OK, I omitted to say it in so many words, but from the fact that I
said we still accept mail to the postmaster or abuse addresses, you
could deduce that we don't reject on these HELO patterns until we get
to the RCPT ACL.
And I can confirm that senders who are allowed to relay (because they
are local, or because they authenticated as one of our users) don't
have these restrictions applied to them.