Something else I've experimented with the past few days is the HELO
check options of Exim 4. Parts of the config used right now are included
below. The idea is to reject the message if the HELO/EHLO command
seriously violates the standards - or more specifically, if the address
is empty or contains a local name - and add warnings for other types of
errors.

Now, the reject bit actually seems to work, but I never see my warning,
even on messages where it's quite obvious that a non-standard HELO was
used. Can anyone spot the mistake?

Also, I've been trying to check against the local IP address as well in
check_helo, but haven't been able to figure out how. In particular,
or'ing "eq {$sender_helo_name}{$interface_address}" with the other test
appeared to have no effect (I still receive messages with "(helo=<the
server's IP address>)" in the headers, that is). Any ideas why?

So, here is the config. Note that DOMAINS is a macro containing all
aliases for our domain name, separated by '|':

acl_smtp_helo = check_helo
[ ... ]
hostlist helo_check_hosts = !127.0.0.1 : \N!^(.*\.|)(DOMAINS)$\N
helo_try_verify_hosts = +helo_check_hosts
[ ... ]
check_recipient:
  require verify = sender
  require verify = recipient
  warn    hosts = +rbl_hosts
          message = X-RBL-Warning: $sender_host_address is listed at $dnslist_domain
          dnslists = list.dsbl.org:sbl.spamhaus.org:proxies.blackholes.easynet.nl:relays.ordb.org:bl.spamcop.net:dnsbl.njabl.org:cbl.abuseat.org
  warn    hosts = +helo_check_hosts
          !verify = helo
          message = X-Spam-Warning: Message sent with invalid HELO/EHLO ($sender_host_name [$sender_host_address] presented itself as $sender_helo_name)
  accept  domains = +local_domains
  accept  hosts = +relay_hosts
  deny    message = relay not permitted
check_helo:
  accept  hosts = !+helo_check_hosts
  deny    condition = ${if eq{$sender_helo_name}{}{yes}{no}}
          message = RFCs mandate HELO/EHLO before mail can be sent
  deny    condition = ${if match {${lc:$sender_helo_name}}{\N^(.*\.|)(DOMAINS)$\N}{1}{0}}
          message = Do not pretend to be me, impostor!
  accept
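
The hard-reject policy described in the post, modelled offline so the DOMAINS pattern can be tried against sample HELO names before it goes into an ACL. This is an added example, not part of the original post and not Exim code. The DOMAINS value and the interface address are constructed placeholders, and comparing the bracketed form of an address is an assumption added here because SMTP writes address literals as [a.b.c.d]. The DNS-dependent "verify = helo" warning is not modelled.

```python
import re

# Constructed stand-in for the DOMAINS macro: aliases joined with '|'.
DOMAINS = r"example\.org|example\.net"
# Same pattern as in check_helo, with the macro substituted.
LOCAL_NAME = re.compile(r"^(.*\.|)(" + DOMAINS + r")$")
# Assumed address of the receiving interface (documentation range).
INTERFACE_ADDRESS = "192.0.2.25"


def classify_helo(helo_name, interface_address=INTERFACE_ADDRESS):
    """Return (verdict, reason) for one HELO/EHLO argument."""
    name = (helo_name or "").strip()
    if name == "":
        return ("deny", "empty HELO")
    lowered = name.lower()  # mirrors ${lc:$sender_helo_name}
    if LOCAL_NAME.search(lowered):
        return ("deny", "HELO claims a local name")
    # An address may arrive bare or as a bracketed literal; compare both.
    literal = lowered
    if lowered.startswith("[") and lowered.endswith("]"):
        literal = lowered[1:-1]
    if literal == interface_address:
        return ("deny", "HELO is the server's own address")
    return ("accept", "passed the hard checks")


# Constructed sample HELO arguments.
SAMPLES = [
    "",                       # nothing supplied
    "mail.example.org",       # subdomain of a local alias
    "EXAMPLE.NET",            # local alias in upper case
    "notexample.org",         # shares a suffix but is not a local name
    "example.org.remote.test",  # local name only as a prefix
    "192.0.2.25",             # bare copy of the server's address
    "[192.0.2.25]",           # same address as a literal
    "mx.remote.test",         # ordinary remote name
]


def run_samples():
    """Map each sample to its verdict."""
    return {s: classify_helo(s)[0] for s in SAMPLES}


if __name__ == "__main__":
    for helo, verdict in run_samples().items():
        print(f"{helo!r:28} {verdict}")
```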