Re: [Exim] matching sender_helo_name in a named list

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Franz Georg Köhler
Datum:  
To: exim-users
Betreff: Re: [Exim] matching sender_helo_name in a named list
On Di, Apr 20, 2004 at 07:45:31 +0200, Anand Buddhdev <anand@???> wrote:
> I'm using exim 4.32. At the top of my configuration, I have the
> following:
>
> domainlist local_domains = mysql;select distinct domain from users \
> where domain='$domain';
>
> I then use the named list "local_domains" in various tests in the RCPT
> ACL.
>
> One of the tests I want to do is to see if $sender_helo_name matches
> any of the domain in "local_domains", and if so, to reject the RCPTs,
> because the sender should not be using one of my local domain names in
> the HELO. This check happens after the check for authentication, so my
> users won't have a problem, even if they use silly mail clients like
> Thunderbird (which insists on using the domain name in one's email
> address in the HELO command).
>
> So, how can I do this test? I've looked at the documentation, and I
> can't seem to figure out a way of doing this (I could write my local
> domains into a file, and do a lookup, but I want to avoid that,
> because then the mysql DB and the file have to be kept in sync).


This is what I use:

  deny    message = Invalid HELO ($sender_helo_name): Your name is hard to believe.
          hosts   = !+relay_from_hosts
          log_message = Forged HELO detected
          condition = ${if eq {${lc:$sender_helo_name}}{${lc:$domain}}{yes}{no}}


It will only catch the receipient's domain in HELO, though.
This is sufficient for me since SPAMmers often use the receipient's
domain as HELO.

Additionally, I'm blocking my primary hostname, my interface-address and
"localhost" in foreign HELOs.

I'm doing this for 2 days now and have catched lots of unwanted mail.