RE: [exim] helo checks

Top Page
Delete this message
Reply to this message
Author: Dickenson, Steven
Date:  
To: Steffen Heil, exim-users
CC: 
Subject: RE: [exim] helo checks
Steffen Heil wrote:
> So, how do you do helo check? Or, are you doing them at all?
> What is regarded as "good practice" ?


I'm doing the following HELO checks in my rcpt acl.

Some of these come from Tor's spam filtering document.
http://slett.net/spam-filtering-for-mx/


#########################################################
# Hello Checks
#########################################################

  # Deny servers that don't introduce themselves
  deny message  = HELO/EHLO required by SMTP RFC
       condition= ${if eq{$sender_helo_name}{}{yes}{no}}


  # If the remote host greets with an IP address, then reject the mail.
  deny
    message     = IP HELO/EHLO not allowed here. Use a FQDN.
    log_message = remote host used IP address in HELO/EHLO greeting
    condition   = ${if isip {$sender_helo_name}{true}{false}}


  # Likewise if the peer greets with one of our own names
  deny
    message     = Sorry, that domain belongs to us. Get your own.
    log_message = remote host used our name in HELO/EHLO greeting.
    condition   = ${if match_domain{$sender_helo_name}\


{$primary_hostname:+local_domains:+relay_to_domains}\
                       {true}{false}}


  # If HELO verification fails, we add a X-HELO-Warning: header in
  # the message.
  warn
    message     = X-HELO-Warning: Remote host $sender_host_address \
                  ${if def:sender_host_name {($sender_host_name) }}\
                  incorrectly presented itself as $sender_helo_name
    log_message = remote host presented unverifiable HELO/EHLO greeting.
    !verify     = helo


Steven
---
Steven Dickenson <sdickenson@???>
Computer Network Manager
The Key School, Annapolis Maryland