Re: [Exim] exim fine-tuning

Góra strony
Delete this message
Reply to this message
Autor: Alan J. Flavell
Data:  
Dla: Exim users list
Temat: Re: [Exim] exim fine-tuning
On Mon, 19 Apr 2004, Nigel Metheringham wrote:

> On Mon, 2004-04-19 at 10:39, Alan J. Flavell wrote:
> > 1) HELO domain matches one of our own domains
>
> > Cases 1 and 2 are surprisingly widespread, considering that they
> > appear to be a sure-fire indicator of abuse. It's a puzzle to me just
> > why abusers would make themselves so obvious: what do they hope to
> > gain from it? Is there -any- mailer where either of these options
> > yield some positive benefit?
>
> I've noticed that Thunderbird (separate MUA component from Mozilla) will
> HELO with the domain part of the sending email account address. Now
> this should only be talking to its local MTA/MSA. However it may be
> worth being careful with this test - ie hold the reject to the MAIL
> FROM: ACL and make that conditional on it not being authenticated...


OK, I omitted to say it in so many words, but from the fact that I
said we still accept mail to the postmaster or abuse addresses, you
could deduce that we don't reject on these HELO patterns until we get
to the RCPT ACL.

And I can confirm that senders who are allowed to relay (because they
are local, or because they authenticated as one of our users) don't
have these restrictions applied to them.

Thanks for prompting the clarification.