Re: [exim] Rejecting faked numeric HELO

Author: Ian FREISLICH
Date:
To: John Stegenga
CC: exim-users
Subject: Re: [exim] Rejecting faked numeric HELO
"John Stegenga" wrote:
> Sorry if this is FAQ, gents and ladies, but I have 800 digests that I've yet
> to read.....
>
> Recently SPAM has been coming from outside sources with the HELO faked as my
> server IPs...
>
> Is there an easy way to configure Exim to reject that completely?


I guess this won't work with IPv6, but it cuts out a load of rubbish
for us. Replace /etc/exim/nets.hetzner with a file containing a
list of your assigned network space. This ACL just stops 'outside'
using an 'inside' IP address in their EHLO/HELO. And it won't let
anything past that hasn't greeted.

acl_smtp_helo:
  drop     message      = Forged EHLO/HELO data
           set acl_c0   = ${if match{$smtp_command_argument} \
                    {\N^.*?(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).*?$\N} \
                    {$1}{no}}
           condition    = ${if isip{$acl_c0} {yes}{no}}
          !hosts        = net-iplsearch;/etc/exim/nets.hetzner
           condition    = ${lookup{$acl_c0} \
                    iplsearch{/etc/exim/nets.hetzner}{yes}{no}}


  accept

acl_smtp_mail:
  deny     message      = HELO/EHLO not yet given
           condition    = ${if >{${strlen:$sender_helo_name}}{0} {no}{yes}}


...

Ian

--
Ian Freislich
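
Added example, not part of Ian's message and not Exim code: a Python model of the decisions the two ACLs above make, useful for checking which peer/HELO pairs would be dropped before deploying the rule. The network list is a constructed stand-in for /etc/exim/nets.hetzner using documentation ranges, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed stand-in for /etc/exim/nets.hetzner (documentation ranges only).
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Same pattern as the ACL: the first dotted quad found anywhere in the argument.
DOTTED_QUAD = re.compile(r"^.*?(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).*?$", re.ASCII)


def in_local_nets(addr):
    """Model of the iplsearch lookup: is addr a valid IP inside our space?"""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in LOCAL_NETS)


def helo_verdict(peer_ip, helo_arg):
    """Return 'drop' or 'accept' following the acl_smtp_helo conditions in order."""
    m = DOTTED_QUAD.match(helo_arg)
    candidate = m.group(1) if m else "no"      # set acl_c0
    try:
        ipaddress.IPv4Address(candidate)       # condition = isip{$acl_c0}
    except ValueError:
        return "accept"
    if in_local_nets(peer_ip):                 # !hosts = net-iplsearch;...
        return "accept"
    return "drop" if in_local_nets(candidate) else "accept"


def mail_denied(helo_name):
    """acl_smtp_mail: deny MAIL when no HELO/EHLO name was recorded."""
    return len(helo_name or "") == 0


if __name__ == "__main__":
    # Constructed (peer, HELO argument) pairs.
    for peer, helo in [
        ("203.0.113.9", "192.0.2.10"),            # outside peer, our IP
        ("203.0.113.9", "[192.0.2.10]"),          # same, as an address literal
        ("203.0.113.9", "x-192.0.2.10.example"),  # quad embedded in a name
        ("203.0.113.9", "203.0.113.9"),           # outside peer, its own IP
        ("192.0.2.10", "192.0.2.10"),             # inside host
        ("2001:db8::9", "[IPv6:2001:db8::25]"),   # no dotted quad to extract
    ]:
        print(f"{peer:<12} {helo:<26} {helo_verdict(peer, helo)}")
```

The last pair shows the IPv6 limitation mentioned in the message: with no dotted quad to extract, the HELO rule never fires.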