Re: [exim] Rejecting faked numeric HELO

Top Page
Delete this message
Reply to this message
Author: Frank Elsner
Date:  
To: John Stegenga
CC: exim-users
Subject: Re: [exim] Rejecting faked numeric HELO
On Mon, 6 Jun 2005 08:20:39 -0400 John Stegenga wrote:
> Sorry if this is FAQ, gents and ladies, but I have 800 digests that I've yet
> to read.....
>  
> Recently SPAM has been coming from outside sources with the HELO faked as my
> server IPs...
>  
> Is there an easy way to configure Exim to reject that completely?


I use with success:

  deny message = Illegal argument in HELO/EHLO ($sender_helo_name)
       log_message = Strange IP addr given
       condition = ${if and {\
                       { isip {$sender_helo_name}}\
                       { !eq  {$sender_helo_name}{$sender_host_address}}\
                       { !eq  {$sender_helo_name}{[$sender_host_address]}}\
                            }\
                        {yes}{no}}


  deny message = Illegal HELO/EHLO (You really can't be $primary_hostname)
       log_message = Illegal HELO/EHLO (primary_hostname)
       condition = ${if eq {${lc:$sender_helo_name}}{${lc:$primary_hostname}}\
                           {yes}{no}}



--Frank Elsner