Hello!
I have been using check_helo_slow for a while (I cannot recall where I found
it, and a search in the list archives came up blank, so I enclosed it
below).
But what I can't figure out is why messages such as the one below are accepted?
Because statler (where this ACL is) should detect that the "farrell.tc" has
nothing to do with 220.83.164.21?
How can I be a "strictoid" and reject anything that doesn't have a proper
reverse DNS that matches the HELO? (Exim 4.41)
Return-path: <elvis.donahue@???>
Envelope-to: j2@???
Delivery-date: Sun, 09 Jan 2005 15:50:06 +0100
Received: from [10.4.0.1] (helo=statler.mupp.net)
        by cookiemonster.mupp.net with esmtp (Exim 4.41)
        id 1CneO3-0001y2-Bb
        for j2@???; Sun, 09 Jan 2005 15:49:47 +0100
Received: from [220.83.164.21] (helo=farrell.tc)
        by statler.mupp.net with smtp (Exim 4.41)
        id 1CneO0-0002v5-Rs
        for nsi-contact@???; Sun, 09 Jan 2005 15:49:46 +0100
Received: from 159.138.64.198 by smtp.larsen.dk;
        Sun, 09 Jan 2005 14:58:19 +0000
Message-ID: <2afa01c4f65b$852f7e97$f40dff21@???>
From: "Elvis Donahue" <elvis.donahue@???>
To: nsi-contact@???
Subject: Tadalafil Soft Tabs - Great results!
Date: Sun, 09 Jan 2005 17:57:48 +0300
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-mupp.net-MailScanner: Found to be clean
X-MailScanner-From: elvis.donahue@???
acl_check_helo_slow:
  # accept authenticated = *

  # Accept IP address, nothing to check
  accept condition = ${if isip{$sender_helo_name}{yes}{no}}

  # Get hostname: use $sender_host_name if Exim already looked it up,
  # otherwise do a PTR lookup ourselves (acl_m8 stays empty if there is no rDNS)
  warn   condition = ${if eq {$sender_host_name}{}{yes}{no}}
         set acl_m8 = ${lookup dnsdb{ptr=$sender_host_address}\
                       {${lc:$value}}{}}
  warn   condition = ${if eq {$sender_host_name}{}{no}{yes}}
         set acl_m8 = $sender_host_name

  # Hostname matches HELO
  accept condition = ${if match {$acl_m8}\
                       {${lc:$sender_helo_name}}{yes}{no}}

  # Lookup HELO: acl_m9 holds the A records, one per line (empty if none)
  warn   set acl_m9 = ${lookup dnsdb{a=$sender_helo_name}{$value}{}}
  # Join the addresses with "|" so that ($acl_m9) below is a regex
  # alternation (joining with ":" would never match a HELO with several A records)
  warn   condition = ${if eq {$acl_m9}{}{no}{yes}}
         set acl_m9 = ${tr{$acl_m9}{\n}{|}}

  # HELO resolves to ip: one of its addresses is the connecting host
  accept condition = ${if eq {$acl_m9}{}{no}{yes}}
         condition = ${if match {$sender_host_address}\
                       {($acl_m9)}{yes}{no}}

  # HELO does not exist and no rdns
  deny   condition = ${if eq {$acl_m9}{}{yes}{no}}
         condition = ${if eq {$acl_m8}{}{yes}{no}}
         message = Bad HELO: $sender_helo_name does not resolve\n\
                   Additionally, $sender_host_address has no rDNS\n\
                   Please see RFC 2821 section 4.1.1.1,\n\
                   RFC 1123 section 6.1.1 and RFC 1912 section 2.1

  # Accept bad/no rdns :(
  accept condition = ${if eq {$acl_m8}{}{yes}{no}}

  # If HELO is the domain of the sender, hostname must match HELO
  deny   condition = ${if eq {${lc:$sender_helo_name}}\
                       {${lc:$sender_address_domain}}{yes}{no}}
         message = Forged HELO: you are $acl_m8\n\
                   please don't pretend to be $sender_helo_name
         log_message = Forged HELO: Hostname does not match HELO

  # Forged HELO (yahoo - international)
  deny   condition = ${if match {$sender_helo_name}{yahoo}{yes}{no}}
         message = Forged HELO: you are not $sender_helo_name
         log_message = Forged HELO: Not a yahoo server

  # Check list of domains which HELO should match the hostname
  # (an empty value in the file means "must match the HELO name itself")
  warn   set acl_m9 = ${lookup{$sender_helo_name} \
                       partial-lsearch{/etc/exim/helo-check} \
                       {${if eq{$value}{}{$sender_helo_name}{$value}}}{}}

  # Not in match list
  accept condition = ${if eq {$acl_m9}{}{yes}{no}}

  # Forged HELO (HELO does not match host)
  deny   condition = ${if !match{$acl_m8}{$acl_m9}{yes}{no}}
         message = Forged HELO: you are not $sender_helo_name
         log_message = Forged HELO: Not a $acl_m9 server

  # Everything fine
  accept
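Added example, not part of the original post: a small Python model of the accept/deny sequence in acl_check_helo_slow, walked in the same order as the ACL, so that one can see which statement a given connection ends up at. All DNS data (PTR and A records), the helo-check entries and the connecting addresses are constructed from the RFC 5737 documentation ranges and stand in for the dnsdb lookups and /etc/exim/helo-check. The first case has the shape of the quoted headers (a host without reverse DNS sending a HELO name that resolves to an unrelated address) under the assumption that 220.83.164.21 has no PTR record; the model tests membership of the connecting address in the HELO's address list rather than reproducing the regex string literally, and `lookup_partial` is only an approximation of Exim's partial-lsearch.

```python
import ipaddress
import re

# Constructed DNS data standing in for the dnsdb lookups; none of it is real.
PTR = {"192.0.2.10": "mail.example.net"}      # reverse records: address -> hostname
A = {                                           # forward records: name -> addresses
    "mail.example.net": ["192.0.2.10"],
    "farrell.tc": ["198.51.100.7"],             # constructed: resolves, but elsewhere
    "mx.example.org": ["203.0.113.5"],
}
# Stand-in for /etc/exim/helo-check: key -> pattern the rDNS must match.
# An empty value would mean "the HELO name itself", as in the ACL's lookup.
HELO_CHECK = {"*.example.org": "example.org"}


def is_ip(name):
    """Equivalent of the ACL's isip condition."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def lookup_partial(helo, table):
    """Approximate partial-lsearch: exact key, then '*.' plus each shorter
    suffix while at least two labels remain (Exim's default partial-minimum)."""
    if helo in table:
        return table[helo]
    labels = helo.split(".")
    for i in range(1, len(labels) - 1):
        key = "*." + ".".join(labels[i:])
        if key in table:
            return table[key]
    return None


def check_helo(host_address, helo_name, sender_domain,
               ptr=PTR, a=A, helo_check=HELO_CHECK):
    """Walk the ACL's accept/deny statements in order; return (verdict, rule)."""
    helo = helo_name.lower()
    if is_ip(helo):
        return ("accept", "HELO is an IP address, nothing to check")
    # acl_m8: reverse DNS of the connecting host, empty when there is none
    acl_m8 = ptr.get(host_address, "").lower()
    # 'match {$acl_m8}{HELO}': the HELO name is used as a regex against the rDNS
    if re.search(helo, acl_m8):
        return ("accept", "hostname matches HELO")
    # acl_m9: the addresses the HELO name resolves to
    addrs = a.get(helo, [])
    if addrs and host_address in addrs:       # intended meaning of the ($acl_m9) match
        return ("accept", "HELO resolves to the connecting address")
    if not addrs and not acl_m8:
        return ("deny", "HELO does not resolve and host has no rDNS")
    if not acl_m8:
        # the "Accept bad/no rdns :(" statement: nothing left to compare against
        return ("accept", "no rDNS, accepted anyway")
    if helo == sender_domain.lower():
        return ("deny", "forged HELO: hostname does not match sender domain")
    if re.search("yahoo", helo_name):
        return ("deny", "forged HELO: not a yahoo server")
    entry = lookup_partial(helo, helo_check)
    if entry is None:
        return ("accept", "HELO not in match list")
    pattern = entry or helo
    if not re.search(pattern, acl_m8):
        return ("deny", "forged HELO: not a %s server" % pattern)
    return ("accept", "everything fine")


# Constructed connections: (connecting address, HELO name, envelope sender domain)
CASES = [
    ("198.51.100.42", "farrell.tc", "example.com"),         # no PTR, HELO resolves elsewhere
    ("192.0.2.10", "mail.example.net", "example.net"),      # honest host
    ("198.51.100.42", "nonexistent.invalid", "example.com"),  # no PTR, HELO unresolvable
    ("192.0.2.10", "mx.example.org", "example.com"),        # listed domain, wrong rDNS
    ("203.0.113.5", "mx.example.org", "example.org"),       # no PTR, but HELO points here
    ("203.0.113.9", "203.0.113.9", "example.com"),          # bare IP as HELO
    ("192.0.2.10", "mail.yahoo.com", "yahoo.com"),          # yahoo rule
    ("192.0.2.10", "example.com", "example.com"),           # HELO equals sender domain
]


def run_cases(cases=CASES):
    """Evaluate every constructed connection; returns (host, helo, verdict, rule) tuples."""
    return [(host, helo) + check_helo(host, helo, dom) for host, helo, dom in cases]


if __name__ == "__main__":
    for host, helo, verdict, rule in run_cases():
        print("%-15s %-20s %-6s %s" % (host, helo, verdict, rule))
```

The first row lands at the "Accept bad/no rdns" statement: once acl_m8 is empty and the HELO name resolves (so the "does not exist and no rdns" deny does not fire), every later check is skipped because there is no hostname to compare. Connections whose reverse lookup genuinely fails, or whose PTR target does not resolve back to the address, all arrive at that same statement.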