Autor: Christian Stiller Data: Dla: Exim users list Temat: Re: [exim] Anti SPAM Exim configuration
>>>No pretending they are one of my domains in HELO >>
>>That's a "kill on sight", for sure.
>
> Unfortunately there seem to be clients out there that HELO with the domain
> from the From: header and/or envelope, regardless of the actual hostname.
> Not many, but it can cause problems especially if you don't know where your
> users might send from so can't cover them with an exception for your own
> IP address space.
But - if your clients can send from anywhere, you will have them
authenticate, right?
In that case, move these checks from the HELO ACL to the MAIL ACL (which
is after the client should have authenticated). Then do a check for
authenticated first and accept if that is true. This allows your users
to send. Then, do all the checks for your IP/hostname, for a fully
qualified domain name, etc.
If someone is not authenticated in this phase, it's a mailserver and not
a user. And a mailserver using your domain in the HELO should be rejected.