Re: [exim] (no subject)

Top Page
Delete this message
Reply to this message
Author: Tony Finch
Date:  
To: exim-users
New-Topics: [exim] Why the dodgy HELOs?
Subject: Re: [exim] (no subject)
On Thu, 6 Oct 2005, Marc Sherman wrote:
>
> What's ACL_HELO used for? It is to short-circuiting the string comparisons for
> subsequent RCPT's on the same connection?


There's a kind of spam software which sends messages with multiple
recipients, and which says HELO using the local part of the first email
address. My configuration uses an ACL variable to remember this so that
subsequent recipients are also rejected. e.g.

220 go on
HELO fanf2
250 yeah right
MAIL FROM:<spammer>
250 make my day
RCPT TO:<fanf2@???>
550 go away
RCPT TO:<ph10@???>
550-hah! can't fool me that easily!
550 I remembered that the previous recipient matched your helo name!
...

Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}