Hi !!
> I'm looking for another way of knocking down spam. I've got the usual
> HELO/EHLO verification tests - rejecting a bare IP or someone claiming
> to be my domain.
>
> However, more of the spam getting through has a HELO/EHLO name
> containing a random string of characters.

We use these rules with success:

  # Typical nonexistent domains
  deny  condition = ${if match {$sender_helo_name}\
                    {(backup\.lst|localhost|system\.mail)}}
        message   = Bad HELO: $sender_helo_name does not exist\n\
                    Please see RFC 2821 section 4.1.1.1

  # Usual forged HELO's
  deny  condition = ${if match {$sender_helo_name}\
                    {^(gmail\.com|msn\.com|yahoogroups\.com|aol\.com)\$}}
        message   = Forged HELO: you are not $sender_helo_name

  # Hacked HELO (DOMAIN.com) (constructed by viruses)
  deny  condition = ${if match \
                    {$sender_helo_name}{\N^[A-Z]+[A-Z0-9\-]+\.[a-z0-9]+$\N}}
        message   = Hacked HELO: you are not $sender_helo_name

  # Hacked HELO (random domain names) (constructed by viruses)
  deny  condition = ${if match {$sender_helo_name}{smtp}{no}{yes}}
        condition = ${if match {$sender_helo_name}\
                    {\N^[a-z0-9]+\.[a-z]+$\N}}
        condition = ${if match {$sender_helo_name}\
                    {\N.*[bcdfghjklmnpqrstvwxz]{7,}.*\.[a-z]+$\N}}

Also, if $sender_helo_name does not resolve, the following rules catch
a lot of spam:

  deny  condition = ${if match \
                    {$sender_helo_name}{\N^[A-Z0-9\-]+\.[a-z0-9]+\N}}
        message   = $sender_helo_name does not exist

  deny  condition = ${if match \
                    {$sender_helo_name}{\N^[a-z0-9\-]+\.[a-z0-9]+\.\
                    (comcast\.net|ameritech\.net|optonline\.net|\
                    verizon\.net|cox\.net|rr\.com|adelphia\.net)$\N}}
        message   = $sender_helo_name does not exist

  deny  condition = ${if match {$sender_helo_name}{^yahoo\.}}
        message   = Forged HELO: you are not $sender_helo_name

With more DNS queries:

  deny  condition = ${if match{$sender_helo_name}\
                    {^[a-z0-9\\-]+\\.(com|net|org)\$}}
        condition = ${lookup \
                    dnsdb{defer_never,ns=$sender_helo_name}\
                    {no}{yes}}
        message   = $sender_helo_name does not exist

--
Best regards ...
----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. e-mail david@???
Pintor Vayreda 1 tel. +34 902 50 29 75
08184 Palau-Solita i Plegamans mobile +34 670 35 27 53
----------------------------------------------------------------
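
An added example, not part of the original message: a small offline harness for dry-running the first four rules above against your own list of HELO names before deploying them. The rule labels and sample names are constructed for illustration, and it assumes Python's `re` treats these patterns the same way Exim's PCRE does.

```python
import re

# Each rule: (label, [(pattern, must_match), ...]). All conditions must hold,
# mirroring several "condition =" lines inside one Exim deny statement.
# Labels are made up for this example; patterns are transcribed from the post.
RULES = [
    ("nonexistent", [(r"(backup\.lst|localhost|system\.mail)", True)]),
    ("forged", [(r"^(gmail\.com|msn\.com|yahoogroups\.com|aol\.com)$", True)]),
    ("hacked-upper", [(r"^[A-Z]+[A-Z0-9\-]+\.[a-z0-9]+$", True)]),
    ("hacked-random", [
        (r"smtp", False),                # {smtp}{no}{yes}: rule is skipped if "smtp" appears
        (r"^[a-z0-9]+\.[a-z]+$", True),  # one lowercase label plus a TLD
        (r".*[bcdfghjklmnpqrstvwxz]{7,}.*\.[a-z]+$", True),  # 7+ consonants in a row
    ]),
]
COMPILED = [(label, [(re.compile(p), want) for p, want in conds])
            for label, conds in RULES]


def check_helo(helo):
    """Return the label of the first rule that would deny this HELO, or None."""
    for label, conds in COMPILED:
        if all(bool(rx.search(helo)) == want for rx, want in conds):
            return label
    return None


# Constructed sample HELO names, not taken from real traffic.
SAMPLES = [
    "mail.example.org",         # ordinary host name
    "gmail.com",                # claims to be a large provider
    "mail.gmail.com",           # not caught: the forged rule is anchored
    "DESKTOP-PC.com",           # upper-case machine name plus TLD
    "xkqzrtpwbn.com",           # long consonant run
    "smtpxkqzrtpwbn.com",       # same run, but exempted by the "smtp" test
    "mylocalhost.example.net",  # caught: the first pattern is unanchored
]


def report(samples=SAMPLES):
    """Map each sample HELO name to its verdict."""
    return {helo: check_helo(helo) for helo in samples}


if __name__ == "__main__":
    for helo, verdict in report().items():
        print(f"{helo:26} {verdict or 'accept'}")
```

Feeding it the HELO names of known-good senders from your own logs shows which legitimate hosts each rule would reject, for example any name that merely contains "localhost".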