[Exim] Fake servers and virus Block (Fake heloname and fake …

Author: Silmar A. Marca
Date:  
To: exim-users
Subject: [Exim] Fake servers and virus Block (Fake heloname and fake message-id)
I use a solution that blocks 99% of spam and viruses before exim_scan:
...
# Prevent "DEFER" messages in dnsdb (I tried other solutions, but this is the only one that runs correctly)
dns_again_means_nonexist = !+local_domains : !+relay_to_domains
...
acl_check_helo:
  accept hosts          = +relay_from_hosts
  drop   log_message    = "DENY - Helo - $sender_helo_name open proxy detected"
         message        = Open Proxy in HELO/EHLO (HELO was $sender_helo_name)
         condition      = ${if eq{${sender_helo_name}}{${sender_host_address}}{no}{yes}}
         condition      = ${if isip {$sender_helo_name}{true}{false}}


  drop   log_message    = "DENY - Helo - $sender_helo_name forged heloname detected"
         message        = No you are not ME or OURS (HELO was $sender_helo_name)
         condition      = ${if match {${lookup dnsdb{a=$sender_helo_name}{$value}{}}} \
                               {$interface_address} \
                              {true}{false}}
...
acl_check_data:
...
  deny   log_message    = "DENY: Header - Message-ID or X-Mailer not found"
         message        = RFC2822 says you SHOULD have a Message-ID or X-Mailer\n\
                          Most messages without it are spam, so your mail has been rejected
         hosts          = !+relay_from_hosts
         !senders       = :
         !authenticated = *
         condition      = ${if and {{!def:h_Message-ID:}{!def:h_X-Mailer:}} {1}}


  deny   log_message    = "DENY - Header - Message-ID $h_Message-ID forged detected"
         message        = No you are not ME or OURS (Message-ID was ${domain:$h_Message-ID:})
         hosts          = !+relay_from_hosts
         condition      = ${if match {${lookup dnsdb{a=${domain:$h_Message-ID:}}{$value}{}}} \
                               {$interface_address} \
                              {true}{false}}
...
Regards, Silmar A. Marca
GrupoGSN - Development, Deployment and Verification of Professional Servers based on Linux/Novell
http://www.grupogsn.com.br/~marca/
------------------------------------------------------------
If something does you no harm (physically, morally or psychologically),
try it! At most you will lose time! And time is
what you have your whole life to lose.....
A moment of pleasure is worth more than a futile eternity!
------------------------------------------------------------
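
Added example, not part of the original post: a Python model of the HELO and forged Message-ID rules above, for replaying HELO names and Message-IDs offline before enabling the ACLs. The addresses, host names and function names are constructed, the relay_from_hosts exemption is left out, and resolves_to_us_exact is a stricter comparison assumed here because Exim's match condition treats $interface_address as an unanchored regular expression.

```python
import ipaddress
import re

# Constructed sample data: RFC 5737 addresses and hypothetical host names.
INTERFACE = "192.0.2.1"                      # stands in for $interface_address
A_RECORDS = {
    "mx.example.org": ["192.0.2.1"],         # our own name
    "mail.example.net": ["198.51.100.7"],    # unrelated sender
    "lookalike.example.com": ["192.0.2.10"], # different host, same string prefix
}

def lookup_a(name):
    """Stand-in for ${lookup dnsdb{a=NAME}{$value}{}}: newline-joined A records or ""."""
    return "\n".join(A_RECORDS.get(name.lower(), []))

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def helo_is_foreign_ip(helo, sender_ip):
    """First drop rule: HELO is an IP literal that differs from the peer address."""
    return is_ip(helo) and helo != sender_ip

def resolves_to_us_regex(name, interface=INTERFACE):
    """As posted: match uses the interface address as an unanchored regex."""
    return re.search(interface, lookup_a(name)) is not None

def resolves_to_us_exact(name, interface=INTERFACE):
    """Stricter comparison (an assumption, not in the post): whole-record equality."""
    return interface in lookup_a(name).split("\n")

def message_id_domain(header):
    """Approximation of ${domain:$h_Message-ID:}: text after the last '@'."""
    return header.strip().strip("<>").rpartition("@")[2] if "@" in header else ""

def verdict(helo, sender_ip, message_id):
    """Return the name of the first rule that would reject, or 'accept'."""
    if helo_is_foreign_ip(helo, sender_ip):
        return "helo-ip-mismatch"
    if resolves_to_us_regex(helo):
        return "helo-forged"
    if resolves_to_us_regex(message_id_domain(message_id)):
        return "message-id-forged"
    return "accept"
```

The lookalike.example.com record shows the false positive: 192.0.2.10 contains 192.0.2.1 as a substring, so the posted match rejects it while an exact comparison does not.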