RE: [exim] HELO eth1

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M\leo at <-
MMSteffen Heil at ->
Delete this message
Reply to this message
Author: Peter Savitch
Date:  
To: leo
CC: exim-users
Subject: RE: [exim] HELO eth1
Hello,

I don't see any harm using real-world HELO on eth0/eth1, but if you'd
like to...

To fix your _advertised_ HELO/EHLO string use string-expanded global
option smtp_banner, but with caution ($interface_address is not always
set, at least in -bs it's null): 


smtp_banner =\
  ${if and{\
            {def:interface_address}\
            {eq{${interface_address}}{1.1.1.1}}\
          } {1.1.1.1.domain.org}{other.domain.org}} ESMTP $tod_full



You can do things like ${mask:...} etc. But again, I don't see anything
useful but

smtp_banner = $primary_hostname ESMTP $tod_full

Where $primary_hostname is set to something real-world/external, not
internal.host.domain.org. Exim uses $primary_hostname implicitly anyway
(for 421 lost input connection and the like).

If your internals do not like forged HELO, fix them, not the gateway.
These things (hosts in the internal networks) are the only ones you are
able to control, I guess :)

Some world systems do not like forward/reverse DNS name mismatch.
Some do not like the forged HELOs (discover the list archives). For
example, I don't like HELOs with my own domains and drop the session
immediately (when I turned it on in a HELO acl, about 80% viruses are
gone away, that was unbelievable!): 

### XXX DANGEROUS ACL, requires Exim 4.4x ###
acl_helo:
deny    message = No, I AM $sender_helo_name, and who the hell are you?
log_message = Blocked by relay_domains matching
condition = ${if match_domain{$sender_helo_name}{+relay_domains}
{yes}{no} }


accept
### END

And, you are recommended to hide the Exim version everywhere (including
Received headers) for security reasons, like this:

received_header_text =\
Received: \
${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
{${if def:sender_ident {from $sender_ident }}\
${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
by $primary_hostname \
${if def:received_protocol {with $received_protocol}}\n\t\
id $message_id\
${if def:received_for {\n\tfor $received_for}}

Everybody would see your Exim anyway (because it's special message-id),
but not everybody would discover which version you use...

Take care, gatekeeper ;-)

-----Original Message-----
From: exim-users-bounces@??? [mailto:exim-users-bounces@exim.org]
On Behalf Of leo@???
Sent: Wednesday, September 01, 2004 9:27 AM
To: exim-users@???
Subject: [exim] HELO eth1

I have a serverthat is connected to two different subnet, on two
different
domains, on two tifferent ISP [actually the thing is wanted, to have
more
"network availability"].
Usually it uses the official network on eth0.
If this is not workink however connections are routed throught et1.
I have noticed seeing some message sent this way that the server on helo

give always is "official" domain name, that is hostname.sub.domain.it
even if it
uses eth1 that is mx.domain.net
(Incidentally: reverse DNS for eth0 address point to hostname.domain.it,


...


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] Header_syntax question.[exim] BerkeleyDB in ACL or transport->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)