Re: [Exim] New HELO check suite

Author: Marc MERLIN
Date:  
To: Philip Hazel
CC: exim-users
Old-Topics: Re: [Exim] condition syntax question
Subject: Re: [Exim] New HELO check suite
On Tue, May 25, 2004 at 03:46:02PM +0100, Philip Hazel wrote:
> On Mon, 24 May 2004, Marc MERLIN wrote:
>
> > So, I have this value:
> > domainlist local_domains = @ : @[] : localhost : MAILNAME : LISTDOMAIN : CONFDIR/domains/localdomains : CONFDIR/domains/localdomains_norewrite
> >
> > And I'd like to have an ACL test against it:
> >
> > # Forged HELOs
> >   deny    message       = Forged hostname detected in HELO - $sender_helo_name
> >           hosts         = !+relay_from_hosts
> >           log_message   = Forged hostname detected in HELO - $sender_helo_name
> >           condition     = ${lookup {$sender_helo_name} +local_domains}{yes}{no}}

> >
> > Of course, the last line is invalid, but I just wrote it to show what I'm
> > trying to do
> >
> > Any suggestions?
>
> Read NewStuff 4.33/2.


Always one step ahead of us, aren't you? :)

Yes, this is exactly what I needed, thank you very much.
Actually, I found a very, very small hitch:
match_domain{host.domain.tld.}{+domainlist}
doesn't match due to the trailing '.', but matches if I remove it.


In return, here's a newer HELO checker suite if people are interested (the
last one is thanks to your new option).
This is for running in the rcpt to ACL, and I didn't write all of those
ACLs; some come from some of you :)


  deny    message       = "HELO/EHLO required by SMTP RFC"
          condition     = ${if eq{$sender_helo_name}{}{yes}{no}}
.ifdef TEERGRUBE
          delay         = TEERGRUBE
.endif


  deny    message       = "Invalid domain or IP given in HELO/EHLO"
         !condition     = ${if match{$sender_helo_name}{\\\.}{yes}{no}}
.ifdef TEERGRUBE
          delay         = TEERGRUBE
.endif


  deny    message       = Forged IP detected in HELO (it's mine) - $sender_helo_name
          hosts         = !+relay_from_hosts
          condition     = ${if eq{$sender_helo_name}{$interface_address}{yes}{no}}
.ifdef TEERGRUBE
          delay         = TEERGRUBE
.endif


  deny    message       = Forged IP detected in HELO - $sender_helo_name != $sender_host_address
          hosts         = !+relay_from_hosts
          condition     = ${if match{$sender_helo_name}{\N^\d+(\.\d+){3}$\N} {yes}{no}}
          condition     = ${if eq{$sender_helo_name}{$sender_host_address} {no}{yes}}
.ifdef TEERGRUBE
          delay         = TEERGRUBE
.endif


  deny    message       = Forged hostname detected in HELO - $sender_helo_name
          # accept helo which is in local_domain if we relay or had smtp auth
          hosts         = !+relay_from_hosts
         !authenticated = *
          log_message   = Forged hostname detected in HELO - $sender_helo_name
          condition     = ${if match_domain{$sender_helo_name}{+local_domains} {yes}{no}}
.ifdef TEERGRUBE
          delay         = TEERGRUBE
.endif



Best,
Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/   |   Finger marc_f@??? for PGP key
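
Added example, not part of the original message and not Exim code: a small Python model of the five HELO checks above, including the trailing-dot case reported for match_domain, so the rules can be exercised against sample HELO names before deployment. The function name, the strip_dot switch, the sample addresses and the plain-set treatment of local_domains (no @, @[], file or wildcard entries) are assumptions made for illustration.

```python
import re

# Same pattern as the fourth ACL: a dotted-quad IPv4 literal.
IPV4_RE = re.compile(r"\d+(\.\d+){3}", re.ASCII)

# Constructed sample values (documentation address ranges and example.org).
INTERFACE_IP = "192.0.2.1"
LOCAL_DOMAINS = {"mail.example.org", "lists.example.org"}


def helo_verdict(helo, sender_ip, interface_ip=INTERFACE_IP,
                 local_domains=LOCAL_DOMAINS, relay_host=False,
                 authenticated=False, strip_dot=True):
    """Return the deny message for a HELO name, or None if every check passes.

    Checks run in the order of the ACL statements in the message. The domain
    list is modelled as a plain set compared case-insensitively (assumption).
    """
    if helo == "":
        return "HELO/EHLO required by SMTP RFC"
    if "." not in helo:
        return "Invalid domain or IP given in HELO/EHLO"
    if relay_host:
        # The remaining three statements all carry hosts = !+relay_from_hosts.
        return None
    if helo == interface_ip:
        return "Forged IP detected in HELO (it's mine)"
    if IPV4_RE.fullmatch(helo) and helo != sender_ip:
        return "Forged IP detected in HELO"
    if not authenticated:
        name = helo.lower()
        if strip_dot and name.endswith("."):
            # "host.domain.tld." names the same host as "host.domain.tld";
            # drop one trailing dot so the list comparison sees both forms.
            name = name[:-1]
        if name in {d.lower() for d in local_domains}:
            return "Forged hostname detected in HELO"
    return None


if __name__ == "__main__":
    # Constructed HELO names, all presented by the same constructed client IP.
    for helo in ["", "localhost", "192.0.2.1", "203.0.113.9",
                 "mail.example.org", "mail.example.org.", "mx.example.net"]:
        print(repr(helo), "->", helo_verdict(helo, "198.51.100.7"))
```

With strip_dot=False the model reproduces the reported hitch: the trailing-dot form of a local domain is not caught by the last check.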