Re: [Exim] New HELO check suite

Author: Andrew - Supernews
Date:  
To: exim-users
Subject: Re: [Exim] New HELO check suite
>>>>> "Tor" == Tor Slettnes <tor@???> writes:

Tor> Another way would be:


 Tor>    # Deny if $sender_helo_name resolves to our own address
 Tor>    #
 Tor>    deny message        = Forged hostname detected in HELO - $sender_helo_name
 Tor>         hosts          = !+relay_from_hosts
 Tor>         !authenticated = *
 Tor>         log_message    = Forged hostname detected in HELO - $sender_helo_name
 Tor>         condition      = ${if eq {${lookup dnsdb{a=$sender_helo_name}{$value}}} \
 Tor>                                  {$interface_address} \
 Tor>                               {yes}{no}}


That'll lose you some mail from sites where the HELO name is actually
a valid FQDN, but isn't resolvable from outside the sender's network
(I've seen that happen several times for various reasons). In such cases
the "deny" above may end up deferring the mail indefinitely, since the
dnsdb lookup will cause it to defer on a query timeout or SERVFAIL.

With recent releases that's fixable:

    warn set acl_c0 =
         set acl_c0 = ${lookup dnsdb{a=$sender_helo_name}{$value}}
    deny message = whatever your message is
         hosts = !+relay_from_hosts
         !authenticated = *
         condition = ${if eq{$acl_c0}{$interface_address} {yes}{no}}


Having the lookup inside a "warn" statement rather than a "deny" statement
stops the whole ACL from deferring if the lookup defers.

--
Andrew, Supernews
http://www.supernews.com
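
The difference between the two ACL forms in this message, as a simplified Python model. This is an added illustration, not part of the original post and not Exim code; the function names, host names and addresses are constructed, and "pass" means control moves on to the next ACL statement.

```python
# Simplified model of how the two HELO checks in this thread behave when the
# dnsdb lookup matches, does not match, finds nothing, or defers.
# All host names and addresses below are constructed sample data.

DEFER = object()  # stands for a dnsdb query timeout or SERVFAIL


class LookupDeferred(Exception):
    """Raised when the modelled DNS lookup cannot complete."""


def dnsdb_a(name, dns):
    """Model ${lookup dnsdb{a=NAME}{$value}}: empty string if no record."""
    answer = dns.get(name, "")
    if answer is DEFER:
        raise LookupDeferred(name)
    return answer


def inline_deny(helo, iface, dns, exempt=False):
    """Quoted form: the lookup is a condition of the deny statement."""
    if exempt:  # relay host or authenticated sender: deny does not apply
        return "pass"
    try:
        return "deny" if dnsdb_a(helo, dns) == iface else "pass"
    except LookupDeferred:
        return "defer"  # a deferring condition in deny defers the whole ACL


def warn_then_deny(helo, iface, dns, exempt=False):
    """Reply form: lookup inside warn, comparison inside deny."""
    acl_c0 = ""  # warn set acl_c0 =
    try:
        acl_c0 = dnsdb_a(helo, dns)  # set acl_c0 = ${lookup dnsdb{...}}
    except LookupDeferred:
        pass  # the warn statement is abandoned; acl_c0 stays empty
    if exempt:
        return "pass"
    return "deny" if acl_c0 == iface else "pass"


IFACE = "192.0.2.25"  # constructed $interface_address
DNS = {
    "mx.example.net": "192.0.2.25",     # HELO name resolving to our address
    "mail.example.org": "198.51.100.7",  # ordinary remote host
    "host.internal.example": DEFER,      # valid FQDN, unresolvable from here
}

if __name__ == "__main__":
    for name in list(DNS) + ["nonexistent.example"]:
        print(name, inline_deny(name, IFACE, DNS), warn_then_deny(name, IFACE, DNS))
```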