Re: [exim] HELO verification

Pàgina inicial
Delete this message
Reply to this message
Autor: David Saez Padros
Data:  
A: Jerry Stuckle
CC: exim-users
Assumpte: Re: [exim] HELO verification
Hi !!

> I'm looking for another way of knocking down spam. I've got the usual
> HELO/EHLO verification tests - rejecting a bare IP or someone claiming
> to be my domain.
>
> However, more of the spam getting through has a HELO/EHLO name
> containing a random string of characters.


we use that rules with success:

# Tipical unexistant domains

   deny    condition     = ${if match {$sender_helo_name}\
                           {(backup\.lst|localhost|system\.mail)}}
           message       = Bad HELO: $sender_helo_name does not exist\n\
                           Please see RFC 2821 section 4.1.1.1


# Usual forged HELO's

   deny    condition     = ${if match {$sender_helo_name}\
    {^(gmail\.com|msn\.com|yahoogroups\.com|aol\.com)\$}}
           message       = Forged HELO: you are not $sender_helo_name


# Hacked HELO (DOMAIN.com) (constructed by viruses)

   deny    condition     = ${if match \
    {$sender_helo_name}{\N^[A-Z]+[A-Z0-9\-]+\.[a-z0-9]+$\N}}
           message       = Hacked HELO: you are not $sender_helo_name


# Hacked HELO (random domain names) (constructed by viruses)

   deny    condition     = ${if match {$sender_helo_name}{smtp}{no}{yes}}
           condition     = ${if match {$sender_helo_name}\
                           {\N^[a-z0-9]+\.[a-z]+$\N}}
           condition     = ${if match {$sender_helo_name}\
                           {\N.*[bcdfghjklmnpqrstvwxz]{7,}.*\.[a-z]+$\N}}


Also if $sender_helo_name does not resolve the following rules catch
a lot of spam:

   deny    condition      = ${if match \
        {$sender_helo_name}{\N^[A-Z0-9\-]+\.[a-z0-9]+\N}}
           message        = $sender_helo_name does not exist


   deny    condition      = ${if match \
                 {$sender_helo_name}{\N^[a-z0-9\-]+\.[a-z0-9]+\.\
                 (comcast\.net|ameritech\.net|optonline\.net|\
        verizon\.net|cox\.net|rr\.com|adelphia\.net)$\N}}
           message        = $sender_helo_name does not exist


  deny    condition     = ${if match {$sender_helo_name}{^yahoo\.}}
           message       = Forged HELO: you are not $sender_helo_name


with more dns queries:

   deny    condition      = ${if match{$sender_helo_name}\
                            {^[a-z0-9\\-]+\\.(com|net|org)\$}}
           condition      = ${lookup \
                dnsdb{defer_never,ns=$sender_helo_name}\
                            {no}{yes}}
           message        = $sender_helo_name does not exist


--
Best regards ...

----------------------------------------------------------------
    David Saez Padros                http://www.ols.es
    On-Line Services 2000 S.L.       e-mail  david@???
    Pintor Vayreda 1                 telf    +34 902 50 29 75
    08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
----------------------------------------------------------------