[exim] Help with helo check, please...

Página Inicial
Delete this message
Reply to this message
Autor: Toralf Lund
Data:  
Para: Exim Mailing List
Assunto: [exim] Help with helo check, please...
Something else I've experimented with the past few days, is the HELO
check options of Exim 4. Parts of the config used right now is included
below. The idea is to reject the message if the HELO/EHLO command
seriously violates the standards - or more specifically, if the address
is empty or contains a local name - and add warnings for other types if
errors.

Now, the reject bit actually seem to work, but I never see my warning,
even on messages where it's quite obvious that a non-standard HELO was
used. Can anyone spot the mistake?

Also, I've been trying to check against the local IP address as well in
check_helo, but haven't been able to figure out how. In particular,
or'ing "eq {$sender_helo_name}{$interface_address}" with the other test
appeared to have no effect (I still receive messages with "(helo=<the
servers's IP address>)" in the headers, that is. Any ideas why?

So, here is the config. Note that DOMAINS is a macro containing all
aliases for our domain name, separated by '|':

acl_smtp_helo = check_helo

[ ... ]

hostlist helo_check_hosts = !127.0.0.1 : \N!^(.*\.|)(DOMAINS)$\N

helo_try_verify_hosts = +helo_check_hosts

[ ... ]

check_recipient:
  require verify = sender
  require verify = recipient
  warn    hosts = +rbl_hosts
          message = X-RBL-Warning: $sender_host_address is listed at 
$dnslist_domain
          dnslists = 
list.dsbl.org:sbl.spamhaus.org:proxies.blackholes.easynet.nl:relays.ordb.org:bl.spamcop.net:dnsbl.njabl.org:cbl.abuseat.org
  warn    hosts = +helo_check_hosts
          !verify = helo
          message = X-Spam-Warning: Message sent with invalid HELO/EHLO 
($sender_host_name [$sender_host_address] presented itself as 
$sender_helo_name)
  accept  domains = +local_domains
  accept  hosts = +relay_hosts
  deny    message = relay not permitted


check_helo:
  accept hosts = !+helo_check_hosts
  deny condition = ${if eq{$sender_helo_name}{}{yes}{no}}
       message = RFCs mandate HELO/EHLO before mail can be sent
  deny condition = ${if match 
{${lc:$sender_helo_name}}{\N^(.*\.|)(DOMAINS)$\N}{1}{0}}
       message   = Do not pretend to be me, impostor!
  accept