Re: [exim] HELO verification

Pàgina inicial
Aquest missatge és part del següent fil:
M-\l'arbre de fils complet ordenat per data
M\MJerry Stuckle en <-
MMJakob Hirsch en ->
Delete this message
Reply to this message
Autor: David Saez Padros
Data:  
A: Jerry Stuckle
CC: exim-users
Assumpte: Re: [exim] HELO verification
Hi !!

> I'm looking for another way of knocking down spam. I've got the usual
> HELO/EHLO verification tests - rejecting a bare IP or someone claiming
> to be my domain.
>
> However, more of the spam getting through has a HELO/EHLO name
> containing a random string of characters.

we use that rules with success:

# Tipical unexistant domains 

   deny    condition     = ${if match {$sender_helo_name}\
                           {(backup\.lst|localhost|system\.mail)}}
           message       = Bad HELO: $sender_helo_name does not exist\n\
                           Please see RFC 2821 section 4.1.1.1


# Usual forged HELO's 

   deny    condition     = ${if match {$sender_helo_name}\
    {^(gmail\.com|msn\.com|yahoogroups\.com|aol\.com)\$}}
           message       = Forged HELO: you are not $sender_helo_name


# Hacked HELO (DOMAIN.com) (constructed by viruses) 

   deny    condition     = ${if match \
    {$sender_helo_name}{\N^[A-Z]+[A-Z0-9\-]+\.[a-z0-9]+$\N}}
           message       = Hacked HELO: you are not $sender_helo_name


# Hacked HELO (random domain names) (constructed by viruses) 

   deny    condition     = ${if match {$sender_helo_name}{smtp}{no}{yes}}
           condition     = ${if match {$sender_helo_name}\
                           {\N^[a-z0-9]+\.[a-z]+$\N}}
           condition     = ${if match {$sender_helo_name}\
                           {\N.*[bcdfghjklmnpqrstvwxz]{7,}.*\.[a-z]+$\N}}


Also if $sender_helo_name does not resolve the following rules catch
a lot of spam: 

   deny    condition      = ${if match \
        {$sender_helo_name}{\N^[A-Z0-9\-]+\.[a-z0-9]+\N}}
           message        = $sender_helo_name does not exist


   deny    condition      = ${if match \
                 {$sender_helo_name}{\N^[a-z0-9\-]+\.[a-z0-9]+\.\
                 (comcast\.net|ameritech\.net|optonline\.net|\
        verizon\.net|cox\.net|rr\.com|adelphia\.net)$\N}}
           message        = $sender_helo_name does not exist


  deny    condition     = ${if match {$sender_helo_name}{^yahoo\.}}
           message       = Forged HELO: you are not $sender_helo_name


with more dns queries: 

   deny    condition      = ${if match{$sender_helo_name}\
                            {^[a-z0-9\\-]+\\.(com|net|org)\$}}
           condition      = ${lookup \
                dnsdb{defer_never,ns=$sender_helo_name}\
                            {no}{yes}}
           message        = $sender_helo_name does not exist


--
Best regards ... 

----------------------------------------------------------------
    David Saez Padros                http://www.ols.es
    On-Line Services 2000 S.L.       e-mail  david@???
    Pintor Vayreda 1                 telf    +34 902 50 29 75
    08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
----------------------------------------------------------------





Aquest missatge es va enviar a les següents llistes de correu:
Exim-users
Informació sobre la llista de correu | Missatges propers		<-[exim] HELO verificationRe: [exim] Problem with router / socket->
Tahini and Hummus and Cumin Development Archives administrat per cumin AdminsLurker (versió 2.3)