[exim] Are we being harsh

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Ron McKeating
Datum:  
To: Exim-Users (E-mail)
Betreff: [exim] Are we being harsh
We have a complain because we rejected an email that looked like a
forged hello, here is our log entry

2005-04-02 16:02:44 H=mail1.gov.im (KEWAIGUE.mailsec) [217.23.170.232]
rejected EHLO or HELO kewaigue.mailsec: Forged HELO: constructed by
viruses KEWAIGUE.mailsec

the acl we use to check for this is

# Hacked HELO (DOMAIN.com) (constructed by viruses)

  drop    condition     = ${if match \
                          {$sender_helo_name}{\N^[A-Z0-9]+\.[a-z]+$
\N}{yes}{no}}          condition     = ${if match \
                          {$sender_helo_name}{\N^[0-9]+\.[a-z]+$
\N}{no}{yes}}
          message       = Hacked HELO: you are not $sender_helo_name
          log_message   = Forged HELO: constructed by viruses
$sender_helo_name



The user says they have no trouble sending to other sites, we say they
should set their server up with a proper hello name.

Are we being too harsh ?

Ron

--
Ron McKeating
Senior IT Services Specialist
Computing Services
Loughborough University
01509 222329