On Tue, Apr 20, 2004 at 07:45:31 +0200, Anand Buddhdev <anand@???> wrote:
> I'm using exim 4.32. At the top of my configuration, I have the
> following:
>
> domainlist local_domains = mysql;select distinct domain from users \
> where domain='$domain';
>
> I then use the named list "local_domains" in various tests in the RCPT
> ACL.
>
> One of the tests I want to do is to see if $sender_helo_name matches
> any of the domains in "local_domains", and if so, to reject the RCPTs,
> because the sender should not be using one of my local domain names in
> the HELO. This check happens after the check for authentication, so my
> users won't have a problem, even if they use silly mail clients like
> Thunderbird (which insists on using the domain name in one's email
> address in the HELO command).
>
> So, how can I do this test? I've looked at the documentation, and I
> can't seem to figure out a way of doing this (I could write my local
> domains into a file, and do a lookup, but I want to avoid that,
> because then the mysql DB and the file have to be kept in sync).

This is what I use:

deny message = Invalid HELO ($sender_helo_name): Your name is hard to believe.
     hosts = !+relay_from_hosts
     log_message = Forged HELO detected
     condition = ${if eq {${lc:$sender_helo_name}}{${lc:$domain}}{yes}{no}}

It will only catch the recipient's domain in HELO, though.
This is sufficient for me since SPAMmers often use the recipient's
domain as HELO.

Additionally, I'm blocking my primary hostname, my interface-address and
"localhost" in foreign HELOs.

I've been doing this for 2 days now and have caught lots of unwanted mail.
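
Added example, not part of the original message and not Exim code: a Python model of the HELO policy discussed in this thread, useful for checking which HELO values such a rule would reject before deploying it. It generalizes the posted rule from the recipient's domain to every local domain, as the question asked; all names, domains and addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
LOCAL_DOMAINS = {"example.org", "example.net"}
PRIMARY_HOSTNAME = "mx1.example.org"
INTERFACE_ADDRESSES = {ipaddress.ip_address("192.0.2.25"),
                       ipaddress.ip_address("2001:db8::25")}
RELAY_FROM_HOSTS = [ipaddress.ip_network("127.0.0.0/8"),
                    ipaddress.ip_network("10.0.0.0/8")]


def normalize_helo(name):
    """Lower-case, drop a trailing dot, unwrap literals such as [192.0.2.25]."""
    name = name.strip().lower().rstrip(".")
    if name.startswith("[") and name.endswith("]"):
        name = name[1:-1]
        if name.startswith("ipv6:"):
            name = name[len("ipv6:"):]
    return name


def helo_is_forged(helo, client_ip, authenticated=False):
    """Return why a foreign client's HELO is rejected, or None to accept it."""
    addr = ipaddress.ip_address(client_ip)
    if authenticated or any(addr in net for net in RELAY_FROM_HOSTS):
        return None  # authenticated users and relay hosts are exempt
    name = normalize_helo(helo)
    if name == "localhost":
        return "localhost"
    if name == PRIMARY_HOSTNAME:
        return "primary hostname"
    if name in LOCAL_DOMAINS:
        return "local domain"
    try:
        if ipaddress.ip_address(name) in INTERFACE_ADDRESSES:
            return "interface address"
    except ValueError:
        pass  # not an address literal, so an ordinary foreign name
    return None


if __name__ == "__main__":
    # Constructed sessions: (HELO argument, client IP, authenticated?)
    for helo, ip, auth in [("EXAMPLE.ORG", "203.0.113.7", False),
                           ("[192.0.2.25]", "203.0.113.7", False),
                           ("example.org", "203.0.113.7", True),
                           ("mail.sender.example", "203.0.113.7", False)]:
        print(helo, ip, auth, "->", helo_is_forged(helo, ip, auth) or "accept")
```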