I guess you found out that some worms/ virus are behaving in souch
a manor
but keep in mind, that e.g. mozilla/netscape are also sending "HELO
your.domain.tld" . So it could be a "legal" client that wants to send his
mail....
On 4 May 2004 at 19:20, Suresh Ramasubramanian wrote:
> Silmar A. Marca wrote:
>
> > How to Reject helo if helo is domain?
> > Example:
> > - helo dommain.com.br
> > - ....
> > - rcpt to: <xxx@???>
> > 5xx Reject helo....
>
> This one is C049 in the config.samples tarball
>
> > How to Reject if "Message-ID:" header using a rcpt domain?
> > - ...
> > - rcpt to: <xxx@???>
> > - data
>
> You can modify the above ruleset for this.
>
> But this is prone to false positives - unless you have
>
> 1. inbound and outbound mailservers separated and apply this only to
> inbound
>
> or
>
> 2. exempt trusted ips and authenticated users from this check
>
> As for the message-id check, are you sure your user X isnt going to
> use some other smtp server but from / message id are x@???,
> to mail y@???, or support@???
>
> srs
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/ ##
>
>
