Re: [exim] Are we being harsh

Author: Ian Eiloart
Date:  
To: Marc Perkel, Ron McKeating
CC: Exim-Users (E-mail)
Subject: Re: [exim] Are we being harsh


--On April 4, 2005 06:30:25 -0700 Marc Perkel <marc@???> wrote:

> I'd add the "_" character to your condition. Even though it's not legal -
> it's somewhat common.


Actually, it is common among open relays. Typically it means that the
remote MTA has been set up by mistake and is relaying spam. I don't accept
mail with underscores in the HELO string. I get about one complaint per
year, and it's always been resolved by the other party fixing the string.

> Ron McKeating wrote:
>
>> We have a complaint because we rejected an email that looked like a
>> forged hello, here is our log entry
>>
>> 2005-04-02 16:02:44 H=mail1.gov.im (KEWAIGUE.mailsec) [217.23.170.232]
>> rejected EHLO or HELO kewaigue.mailsec: Forged HELO: constructed by
>> viruses KEWAIGUE.mailsec
>>
>> the acl we use to check for this is
>>
>> # Hacked HELO (DOMAIN.com) (constructed by viruses)
>>
>>  drop    condition     = ${if match \
>>                          {$sender_helo_name}{\N^[A-Z0-9]+\.[a-z]+$\N}{yes}{no}}
>>          condition     = ${if match \
>>                          {$sender_helo_name}{\N^[0-9]+\.[a-z]+$\N}{no}{yes}}
>>          message       = Hacked HELO: you are not $sender_helo_name
>>          log_message   = Forged HELO: constructed by viruses $sender_helo_name
>>
>>
>> The user says they have no trouble sending to other sites, we say they
>> should set their server up with a proper hello name.
>>
>> Are we being too harsh?
>>
>> Ron
>>
>>




--
Ian Eiloart
Servers Team
Sussex University ITS
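
An added example, not part of the original thread: a small Python harness that replays the two regex conditions from the quoted ACL, plus the underscore check discussed in the reply, against HELO names so the rule's reach can be checked before it is deployed. The function names are hypothetical, the log-line pattern assumes the `H=name (helo) [ip]` layout seen in the quoted log entry, and every sample name except the one from that log entry is constructed.

```python
import re

# The two conditions from the quoted ACL, regexes copied verbatim.
VIRUS_STYLE = re.compile(r"^[A-Z0-9]+\.[a-z]+$")  # first condition ({yes}{no})
ALL_DIGITS = re.compile(r"^[0-9]+\.[a-z]+$")      # second condition ({no}{yes})

# Host field of an Exim main-log line: H=<name> (<HELO>) [<ip>] or H=(<HELO>) [<ip>]
HELO_IN_LOG = re.compile(r"H=(?:\S+ )?\((?P<helo>[^)]+)\) \[")


def classify_helo(helo):
    """Return the action the ACL plus an underscore check would take."""
    if "_" in helo:
        # Underscore rule from the reply (modelled as a separate check; assumption).
        return "reject-underscore"
    # Both ACL conditions must hold: upper-case/digit single label + lower-case
    # TLD, and not the digits-only form.
    if VIRUS_STYLE.search(helo) and not ALL_DIGITS.search(helo):
        return "drop-forged"
    return "accept"


def helo_from_log(line):
    """Extract the HELO name from a log line, or None if the field is absent."""
    m = HELO_IN_LOG.search(line)
    return m.group("helo") if m else None


# Log entry from the thread, joined onto one line.
LOG_LINE = ("2005-04-02 16:02:44 H=mail1.gov.im (KEWAIGUE.mailsec) "
            "[217.23.170.232] rejected EHLO or HELO kewaigue.mailsec: "
            "Forged HELO: constructed by viruses KEWAIGUE.mailsec")

# Constructed sample names (not from the thread).
SAMPLES = ["MAIL.example", "12345.example", "Mail1.example",
           "mail.example.org", "my_server.example.org"]

if __name__ == "__main__":
    logged = helo_from_log(LOG_LINE)
    print(f"{logged:28} {classify_helo(logged)}")
    for name in SAMPLES:
        print(f"{name:28} {classify_helo(name)}")
```

The rule is case-sensitive and only fires on two-label names, so a correctly configured fully qualified HELO name in lower case passes, while any all-caps two-label name is dropped whether or not a virus produced it.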