Re: [exim] Anti SPAM Exim configuration

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMMarc Perkel at <-
MJan-Peter Koopmann at ->
Delete this message
Reply to this message
Author: Christian Stiller
Date:  
To: Exim users list
Subject: Re: [exim] Anti SPAM Exim configuration
>>>No pretending they are one of my domains in HELO
>>
>>That's a "kill on sight", for sure.
>
> Unfortunately there seem to be clients out there that HELO with the domain
> from the From: header and/or envelope, regardless of the actual hostname.
> Not many, but it can cause problems especially if you don't know where your
> users might send from so can't cover them with an exception for your own
> IP address space.

But - if your clients can send from anywhere, you will have them
authenticate, right?

In that case, move these checks from the HELO ACL to the MAIL ACL (which
is after the client should have authenticated). Then do a check for
authenticated first and accept if that is true. This allows your users
to send. Then, do all the checks for your IP/hostname, for a fully
qualified domain name, etc.

If someone is not authenticated in this phase, it's a mailserver and not
a user. And a mailserver using your domain in the HELO should be rejected.

Christian


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Anti SPAM Exim configurationRE: [exim] Anti SPAM Exim configuration->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)