Re: [Exim] Fake servers and virus Block (Fake heloname and f…

Author: Odhiambo G. Washington
Date:  
To: exim-users
Subject: Re: [Exim] Fake servers and virus Block (Fake heloname and fake message-id)
* Silmar A. Marca <marca@???> [20040526 17:17]: wrote:
> I use a solution that blocks 99% of spam and viruses before exim_scan:
> ...
> #Prevent "DEFER" messages in dnsdb (I tried other solutions, but only this one runs correctly)
> dns_again_means_nonexist = !+local_domains : !+relay_to_domains
> ...
> acl_check_helo:
>   accept hosts          = +relay_from_hosts
>   drop   log_message    = "DENY - Helo - $sender_helo_name open proxy detected"
>          message        = Open Proxy in HELO/EHLO (HELO was $sender_helo_name)
>          condition      = ${if eq{${sender_helo_name}}{${sender_host_address}}{no}{yes}}
>          condition      = ${if isip {$sender_helo_name}{true}{false}}
>
>   drop   log_message    = "DENY - Helo - $sender_helo_name forged heloname detected"
>          message        = No you are not ME or OURS (HELO was $sender_helo_name)
>          condition      = ${if match {${lookup dnsdb{a=$sender_helo_name}{$value}{}}} \
>                                {$interface_address} \
>                               {true}{false}}
> ...
> acl_check_data:
> ...
>   deny   log_message    = "DENY: Header - Message-ID or X-Mailer not found"
>          message        = RFC2822 says you SHOULD have a Message-ID or X-Mailer\n\
>                           Most messages without it are spam, so your mail has been rejected
>          hosts          = !+relay_from_hosts
>          !senders       = :
>          !authenticated = *
>          condition      = ${if and {{!def:h_Message-ID:}{!def:h_X-Mailer:}} {1}}
>
>   deny   log_message    = "DENY - Header - Message-ID $h_Message-ID forged detected"
>          message        = No you are not ME or OURS (Message-ID was ${domain:$h_Message-ID:})
>          hosts          = !+relay_from_hosts
>          condition      = ${if match {${lookup dnsdb{a=${domain:$h_Message-ID:}}{$value}{}}} \
>                                {$interface_address} \
>                               {true}{false}}


I'd simply say your observation is inaccurate, if not incorrect. We do
things like this (except the message-id one) but spam still comes here in
hordes ;)



        cheers
       - wash
+----------------------------------+-----------------------------------------+
Odhiambo Washington                     . WANANCHI ONLINE LTD (Nairobi, KE)  |
<wash at wananchi dot com>              . 1ere Etage, Loita Hse, Loita St.,  |
GSM: (+254) 722 743 223                 . # 10286, 00100 NAIROBI             |
GSM: (+254) 733 744 121                 . (+254) 020 313 985 - 9             |
+---------------------------------+------------------------------------------+
"Oh My God! They killed init! You Bastards!"
                         --from a /. post
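
The quoted HELO and Message-ID rules, modelled in Python as an added example (not code from this thread or from Exim) so their behaviour can be checked offline. The addresses, host names, DNS table and the `resolves_to_us_exact` variant are constructed assumptions; the model also shows that Exim's `match` treats `$interface_address` as an unanchored regular expression, so a neighbouring address such as 192.0.2.10 trips the "forged" rule.

```python
import ipaddress
import re

OUR_IP = "192.0.2.1"  # constructed stand-in for $interface_address
# Constructed A records standing in for dnsdb results (newline-separated).
DNS = {
    "mail.example.net": "192.0.2.1",
    "mx.neighbour.example": "192.0.2.10",
    "multi.example.org": "198.51.100.7\n192.0.2.1",
}

def resolves_to_us_regex(name):
    """As posted: 'match' applies $interface_address as an unanchored regex."""
    return re.search(OUR_IP, DNS.get(name, "")) is not None

def resolves_to_us_exact(name):
    """Stricter variant (assumption): compare each returned address for equality."""
    return OUR_IP in DNS.get(name, "").split("\n")

def helo_is_foreign_ip(helo, sender_ip):
    """First HELO rule: HELO is an IP literal that differs from the peer address."""
    try:
        ipaddress.ip_address(helo)
    except ValueError:
        return False
    return helo != sender_ip

def msgid_domain(msgid):
    """Rough equivalent of ${domain:$h_Message-ID:}."""
    m = re.search(r"@([^>\s]+)>?\s*$", msgid)
    return m.group(1) if m else ""

def verdict(helo, sender_ip, headers, resolves=resolves_to_us_regex):
    """Apply the quoted rules in order to a non-relay, unauthenticated, non-bounce session."""
    h = {k.lower(): v for k, v in headers.items()}
    if helo_is_foreign_ip(helo, sender_ip):
        return "drop: HELO is a foreign IP"
    if resolves(helo):
        return "drop: forged HELO name"
    if "message-id" not in h and "x-mailer" not in h:
        return "deny: no Message-ID or X-Mailer"
    if "message-id" in h and resolves(msgid_domain(h["message-id"])):
        return "deny: forged Message-ID"
    return "accept"
```

Passing `resolves=resolves_to_us_exact` to `verdict` shows which rejections come from the regex comparison alone.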