At 07:06 AM 7/7/04, Ron McKeating wrote:
>Hi all, we are seeing lots of spam with H=(our ip address), e.g.
>
>H=(158.125.1.193) [210.114.196.215]
>
>SpamAssassin is catching most of them, but is there a good way to detect
>and block this in an exim acl? I am sure somebody is doing it already
>and it would save me reinventing the wheel.

I'll probably catch flak for doing this deny at this stage, but here's
what I use (the credit is someone else's, btw):

check_elo:

  # do not accept this host's own IP address
  deny    message     = invalid greeting
          log_message = (ACL) Connecting host using our address in EHLO/HELO
          condition   = ${if eq{$sender_helo_name}{24.234.158.164}{1}{0}}

  # do not accept our own domain/host name, except from relay hosts
  deny    message     = invalid greeting
          !hosts      = +relay_hosts
          log_message = (ACL) Connecting host using our domain/host name in EHLO/HELO
          condition   = ${if match{$sender_helo_name}{jbgreen.com}{1}{0}}

  ...

  accept

Adjust accordingly, of course. I still need to tweak the second one,
however, as it also traps Mozilla MUAs which don't use a host's FQDN for
some reason.

Best regards,
Jeffrey B. Green Personal Computer Consultant - Las Vegas, Nevada
http://jbgreen.com Networking Las Vegas Since 1986
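
Added example, not part of the original message or either poster's configuration: a log audit that reports which connections each of the two deny rules above would match, so the effect on relay hosts can be seen before the ACL is enabled. The relay network, the sample log lines and the function names are assumptions; the IP addresses and domain are the ones quoted in the thread.

```python
import ipaddress
import re

# Assumed site values, reusing the addresses and domain quoted in the thread.
OUR_IPS = {"158.125.1.193", "24.234.158.164"}
OUR_DOMAINS = {"jbgreen.com"}
RELAY_NETS = [ipaddress.ip_network("192.168.0.0/16")]  # hypothetical +relay_hosts

# Host field of an Exim log line: "H=name (helo) [ip]", "H=(helo) [ip]" or "H=name [ip]".
HOST_RE = re.compile(
    r"\bH=(?:(?P<name>[^\s(]+) )?(?:\((?P<helo>[^)]*)\) )?\[(?P<ip>[0-9a-fA-F.:]+)\]")

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2004-07-07 07:01:12 H=(158.125.1.193) [210.114.196.215] F=<a@example.net> rejected RCPT <b@example.org>
2004-07-07 07:02:40 1BiABC-0001aB-2c <= c@example.net H=mail.example.net [192.0.2.25] P=esmtp S=2048
2004-07-07 07:03:05 1BiABD-0001aC-3d <= d@jbgreen.com H=(jbgreen.com) [192.168.1.20] P=asmtp S=900
2004-07-07 07:04:31 H=(mail.jbgreen.com) [198.51.100.7] F=<e@example.net> rejected RCPT <f@example.org>
"""

def check_helo(line):
    """Return (verdict, helo, peer_ip) for a log line, or None if it has no host field."""
    m = HOST_RE.search(line)
    if not m:
        return None
    # With "H=name [ip]" the HELO name equals the verified host name.
    helo = (m.group("helo") or m.group("name") or "").lower().strip("[]").rstrip(".")
    peer = ipaddress.ip_address(m.group("ip"))
    if helo in OUR_IPS:
        verdict = "own-ip"  # first rule: applies to every host
    elif any(helo == d or helo.endswith("." + d) for d in OUR_DOMAINS):
        # Exact or subdomain match; stricter than the unanchored regex in the ACL above.
        # Relay hosts are exempt, as with "!hosts = +relay_hosts".
        verdict = "relay-ok" if any(peer in n for n in RELAY_NETS) else "own-name"
    else:
        verdict = "ok"
    return verdict, helo, str(peer)

def audit(log_text):
    """Return the (verdict, helo, peer_ip) tuples whose verdict is not 'ok'."""
    results = (check_helo(line) for line in log_text.splitlines())
    return [r for r in results if r and r[0] != "ok"]

if __name__ == "__main__":
    for verdict, helo, peer in audit(SAMPLE_LOG):
        print(f"{verdict:9} helo={helo} peer={peer}")
```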