[exim] recommended host_lookup ACLs ** need a little help **

Author: user therion
Date:  
To: Exim Users
Subject: [exim] recommended host_lookup ACLs ** need a little help **
Hi all,
I'm trying out and playing around with some ACLs to make
my Exim more secure and better protected against
spammers.
So far:

1) added to main:

host_lookup = !+relay_from_hosts

(!+relay_from_hosts, to NOT make lookups on internal
senders)

2) added to acl_check_rcpt:

# Deny hosts without reverse DNS
deny message = Broken Reverse DNS  no host name found for IP address $sender_host_address
     hosts = !+relay_from_hosts
     !verify = reverse_host_lookup


# Check and see if some one is trying to impersonate my server/hosts
# check and see if the HELO is a match on my domain
# would catch wananchi.com, somehost.wananchi.com, etc
# or if the HELO is my address
deny message = No you are not ME or OURS (HELO was $sender_helo_name)
     hosts   = !+relay_from_hosts
     log_message = Forged hostname detected in HELO: $sender_helo_name
     condition   = ${if or {\
                {eq{$sender_helo_name}{$interface_address}}\
                {match{${lc:$sender_helo_name}}{${lc:$qualify_domain}}}}\
                {yes}{no}}


# Now check the hostname.
# First check and see if the HOSTNAME is my IP address
# But skip if the hostname is blank

deny  message  = No you are not ME or OURS (HOSTNAME was $sender_host_name)
      hosts    = !+relay_from_hosts
      log_message = Forged IP detected in HELO: $sender_helo_name
      condition   = ${if and {\
                    {!eq{$sender_host_name}{}}\
                    {eq{$sender_host_name}{$interface_address}}}\
                    {yes}{no}}


# Next check and see if the HOSTNAME is a match on my domain
# But skip if the hostname is blank

deny  message = No you are not ME or OURS (HOSTNAME was $sender_host_name)
      hosts   = !+relay_from_hosts
      log_message = Forged hostname detected in HELO: $sender_helo_name
      condition   = ${if and {\
                {!eq{$sender_host_name}{}}\
                {match{${lc:$sender_host_name}}{${lc:$qualify_domain}}}}\
                {yes}{no}}



So what do you think, is it ok?
But,
a)
I still have in mainlog:
"no host name found for IP address xxx.xxx.xxx.xxx
no IP address found for host HOST1 (during SMTP
connection from (HOST1) [xxx.xxx.xxx.xxx])"

for internal senders!? --> 1)

b)
How to handle "good" senders?
"no IP address found for host blahblah.com..."
A whitelist? Where?

c) Is it better to put the ACLs from 1) into another,
separate ACL?

Hope someone can help or explain the problem to me.
I'm no Exim expert, but I want to understand the
config.

so thx in advance,
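
Added example (not part of the original post and not Exim code): a Python model of the posted HELO condition, showing that Exim's `match` treats the expanded `$qualify_domain` as an unanchored regular expression, so the rule fires on more names than the comment in the post lists. The interface address and the sample HELO names are constructed, `wananchi.com` is taken from the post's comment, and the anchored variant is an assumption about what a stricter check could look like.

```python
import re

# Assumed values for illustration only.
QUALIFY_DOMAIN = "wananchi.com"    # domain named in the post's comment
INTERFACE_ADDRESS = "192.0.2.10"   # constructed, documentation address range


def posted_helo_check(helo: str) -> bool:
    """Model of the posted condition: eq on the interface address, OR an
    unanchored regex search of the lowercased domain (Exim `match` semantics)."""
    if helo == INTERFACE_ADDRESS:
        return True
    return re.search(QUALIFY_DOMAIN.lower(), helo.lower()) is not None


def anchored_helo_check(helo: str) -> bool:
    """Hypothetical stricter variant: the literal IP, the domain itself,
    or a true subdomain of it (dots escaped, match anchored at the end)."""
    if helo == INTERFACE_ADDRESS:
        return True
    pattern = r"(?:^|\.)" + re.escape(QUALIFY_DOMAIN.lower()) + r"$"
    return re.search(pattern, helo.lower()) is not None


# Constructed HELO names, not taken from any real log.
SAMPLES = [
    "wananchi.com",                    # own domain
    "somehost.wananchi.com",           # own subdomain
    "MAIL.WANANCHI.COM",               # case differs, still own domain
    "192.0.2.10",                      # own interface address as HELO
    "mail.wananchi.com.example.net",   # domain appears as a substring only
    "notwananchi.com",                 # different domain with a shared suffix
    "wananchixcom.example.org",        # unescaped "." matches any character
    "mail.example.org",                # unrelated host
]


def compare(samples):
    """Return (helo, posted_result, anchored_result) for each sample."""
    return [(h, posted_helo_check(h), anchored_helo_check(h)) for h in samples]


def false_positives(samples):
    """Names the posted condition denies but the anchored variant accepts."""
    return [h for h, posted, strict in compare(samples) if posted and not strict]


if __name__ == "__main__":
    for helo, posted, strict in compare(SAMPLES):
        print(f"{helo:32} posted={posted!s:5} anchored={strict}")
```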




    

    
        