Re: [exim] Help with helo check, please...

Author: Toralf Lund
Date:  
To: Exim Mailing List
Subject: Re: [exim] Help with helo check, please...
Toralf Lund wrote:

> Something else I've experimented with the past few days, is the HELO
> check options of Exim 4. Parts of the config used right now are
> included below. The idea is to reject the message if the HELO/EHLO
> command seriously violates the standards - or more specifically, if
> the address is empty or contains a local name - and add warnings for
> other types of errors.
>
> Now, the reject bit actually seems to work, but I never see my warning,
> even on messages where it's quite obvious that a non-standard HELO was
> used. Can anyone spot the mistake?
>
> Also, I've been trying to check against the local IP address as well
> in check_helo, but haven't been able to figure out how. In particular,
> or'ing "eq {$sender_helo_name}{$interface_address}" with the other
> test appeared to have no effect (I still receive messages with
> "(helo=<the server's IP address>)" in the headers, that is). Any ideas
> why?


Seems like the missing warning header issue is resolved by a reorg of
the ACL. I now have:

    check_recipient:
      require verify = sender
      require verify = recipient
      accept  hosts = +relay_hosts
      require message = relay not permitted
              domains = +local_domains
      warn    message = X-RBL-Warning: $sender_host_address is listed at $dnslist_domain
              dnslists = list.dsbl.org:sbl.spamhaus.org:proxies.blackholes.easynet.nl:relays.ordb.org:bl.spamcop.net:dnsbl.njabl.org:cbl.abuseat.org
      warn   !verify = helo
              message = X-Spam-Warning: Message sent with invalid HELO/EHLO ($sender_host_name [$sender_host_address] presented itself as $sender_helo_name)
              log_message = $sender_host_name [$sender_host_address] presented itself as $sender_helo_name
      accept



Note that instead of having "host" conditionals in the warn directives,
I now try to make sure they just are never reached for hosts I don't
want to check.

Also, the IP address test in check_helo seems to work if I hardcode the
address like this:

    deny condition = ${if or {{eq {$sender_helo_name}{193.214.130.4}}{match {${lc:$sender_helo_name}}{\N^(.*\.|)(DOMAINS)$\N}}}{1}{0}}
         message   = Do not pretend to be me, impostor


So maybe $interface_address just isn't set the way I expected. (Any
ideas why?)

Another question is what header to add. As you can see, I've used
"X-Spam-Warning" but that's not necessarily final. Any opinions?

- Toralf
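
Added example, not part of the original message: a Python model of the policy discussed in this thread (deny an empty HELO, the server's own IP address, or a local name; warn when HELO verification fails), for trying the pattern against HELO values before it goes into the ACL. The domain list, the 192.0.2.25 address and the `helo_verified` flag are assumptions; handling of the bracketed address literal and of a trailing dot goes beyond the posted rule, which compares only the bare address.

```python
import re

# Constructed stand-ins: the ACL's DOMAINS macro and the server's own address.
LOCAL_DOMAINS = ["example.org", "example.net"]
SERVER_IP = "192.0.2.25"

def local_name_re(domains):
    """Python equivalent of the ACL pattern ^(.*\\.|)(DOMAINS)$, dots escaped."""
    alternation = "|".join(re.escape(d) for d in domains)
    return re.compile(r"(.*\.|)(" + alternation + r")")

def classify_helo(helo, helo_verified, server_ip=SERVER_IP, domains=LOCAL_DOMAINS):
    """Return 'deny', 'warn' or 'accept' for one HELO/EHLO argument.

    helo_verified stands in for the outcome of Exim's "verify = helo",
    which needs DNS and is supplied by the caller here.
    """
    name = (helo or "").strip().lower()
    if not name:
        return "deny"                      # empty HELO
    # An address literal is written [a.b.c.d]; strip the brackets so the
    # bracketed form of our own address is caught as well as the bare one.
    literal = name[1:-1] if name.startswith("[") and name.endswith("]") else name
    if literal == server_ip:
        return "deny"                      # claims to be this server's IP
    # Ignore one trailing dot so "example.org." is treated like "example.org".
    if local_name_re(domains).fullmatch(name.rstrip(".")):
        return "deny"                      # claims one of our own names
    return "accept" if helo_verified else "warn"

# Constructed sample sessions: (HELO argument, did verify = helo succeed?)
SAMPLES = [
    ("", False),
    ("192.0.2.25", False),
    ("[192.0.2.25]", False),
    ("MAIL.Example.ORG", True),
    ("notexample.org", True),
    ("localhost.localdomain", False),
]

if __name__ == "__main__":
    for helo, ok in SAMPLES:
        print(f"{helo!r:28} -> {classify_helo(helo, ok)}")
```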