"John Stegenga" wrote:
> Sorry if this is FAQ, gents and ladies, but I have 800 digests that I've yet
> to read.....
>
> Recently SPAM has been coming from outside sources with the HELO faked as my
> server IPs...
>
> Is there an easy way to configure Exim to reject that completely?

I guess this won't work with IPv6, but it cuts out a load of rubbish
for us. Replace /etc/exim/nets.hetzner with a file containing a
list of your assigned network space. This ACL just stops 'outside'
using an 'inside' IP address in their EHLO/HELO. And it won't let
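anything past that hasn't greeted.

acl_smtp_helo:
  # Pull the first dotted-quad IPv4 address out of the EHLO/HELO argument
  # into acl_c0 ("no" if there is none), then drop the connection when the
  # client is outside our networks but that address is inside them.
  drop    message   = Forged EHLO/HELO data
          set acl_c0 = ${if match{$smtp_command_argument} \
                        {\N^.*?(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).*?$\N} \
                        {$1}{no}}
          condition = ${if isip{$acl_c0} {yes}{no}}
         !hosts     = net-iplsearch;/etc/exim/nets.hetzner
          condition = ${lookup{$acl_c0} \
                        iplsearch{/etc/exim/nets.hetzner}{yes}{no}}
  accept

acl_smtp_mail:
  # Refuse MAIL FROM until the client has sent HELO/EHLO.
  deny    message   = HELO/EHLO not yet given
          condition = ${if >{${strlen:$sender_helo_name}}{0} {no}{yes}}
  ...

Ian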
--
Ian Freislich
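
Added example, not part of the message above and not Exim code: a Python model of the two ACLs, for checking which greetings the HELO rule would drop before deploying it. The network list, the sample addresses and greetings, and the function names are constructed for illustration; Python's address parsing stands in for Exim's isip test as an approximation.

```python
import ipaddress
import re

# Same pattern as the ACL's match{} test: the first dotted quad anywhere in the argument.
DOTTED_QUAD = re.compile(r"^.*?(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).*?$")

# Constructed stand-in for /etc/exim/nets.hetzner (documentation address ranges).
OWN_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]


def in_own_nets(addr, nets=OWN_NETS):
    """Model of isip{} plus the iplsearch lookup: valid address inside a listed net?"""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip.version == net.version and ip in net for net in nets)


def helo_verdict(helo_arg, client_ip, nets=OWN_NETS):
    """'drop' when an outside client greets with an inside IPv4 address, else 'accept'."""
    m = DOTTED_QUAD.match(helo_arg)
    candidate = m.group(1) if m else "no"   # value the ACL stores in acl_c0
    if in_own_nets(client_ip, nets):        # the "!hosts" test: inside clients pass
        return "accept"
    return "drop" if in_own_nets(candidate, nets) else "accept"


def mail_verdict(sender_helo_name):
    """Model of the MAIL ACL: deny when no HELO/EHLO name was recorded."""
    return "accept" if sender_helo_name else "deny"


if __name__ == "__main__":
    outside = "203.0.113.5"                 # constructed outside client
    for arg in ("[192.0.2.10]", "host-192.0.2.10.example.net",
                "mail.example.org", "999.0.2.10", "[IPv6:2001:db8::1]"):
        print(f"{arg:30} -> {helo_verdict(arg, outside)}")
    print("inside client ->", helo_verdict("[192.0.2.10]", "192.0.2.10"))
    print("MAIL without greeting ->", mail_verdict(""))
```

The last sample greeting carries an inside IPv6 literal and is still accepted, because the pattern only extracts dotted-quad IPv4 addresses; a hostname that merely embeds an inside address is dropped like a bare literal.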