Re: [Exim] Forged hostname

Góra strony
Delete this message
Reply to this message
Autor: Jeff Green
Data:  
Dla: Ron McKeating, Exim-Users (E-mail)
Temat: Re: [Exim] Forged hostname
At 07:06 AM 7/7/04, Ron McKeating wrote:
>Hi all, we are seeing lots of spam with H=(our ip address) eg
>
>H=(158.125.1.193) [210.114.196.215]
>
>Spamassassin is catching most of them, but is there a good way to detect
>and block this in an exim acl. I am sure somebody is doing it already
>and it would save me reinventing the wheel.


I'll probably catch flack for doing this deny at this stage, but here's
what I use (the credit is someone else's, btw)

check_elo:

   # do not accept this host's own IP address
   deny  message = invalid greeting
         log_message = (ACL) Connecting host using our address in EHLO/HELO
         condition = ${if eq{$sender_helo_name}{24.234.158.164}{1}{0}}


   deny  message = invalid greeting
         !hosts = +relay_hosts
         log_message = (ACL) Connecting host using our domain/host name in
EHLO/HELO
         condition = ${if match{$sender_helo_name}{jbgreen.com}{1}{0}}
...
   accept


Adjust accordingly, of course. I still need to tweak the second one,
however, as it also traps Mozilla MUAs which don't use a host's FQDN for
some reason.

Best regards,

Jeffrey B. Green        Personal Computer Consultant - Las Vegas, Nevada
http//jbgreen.com       Networking Las Vegas Since 1986