Autor: Jakob Hirsch Data: Para: Jerry Stuckle CC: exim-users Assunto: Re: [exim] HELO verification
Quoting Jerry Stuckle:
> However, more of the spam getting through has a HELO/EHLO name
> containing a random string of characters.
Most spam here has ehlo/helo
- numeric only (like 134965176 or -1270794688)
- unqualified (like "friend" or "localhost")
- IP address without []
condition = ${if isip {$sender_helo_name}}
and
condition = ${if match {$sender_helo_name} {\N^[^.:]+$\N}}
blocks these things here.
> So I'd like to check for basically anything which has one or more
> periods non-consecutive periods. Also, following the last period should
> be two to four (or is it 5? I don't remember offhand all the
> possibilities) characters.
But there are certainly more complete regexes on the web,
"bla-.example.com" is also not valid AFAIK.
I don't think it'll catch much spam, though.
> So the above two would work, but something like "asderg" or "14509284"
> would not. Neither would "sdfkeoi.llsowwg".
Do you have much of the "aaaa.bbbbbbbb"?
fo89vfu4.pco6jp4.adelphia.net (real example) is also gibberish, but it's
not obvious.
> On a similar topic - I'm considering rejecting mail from certain country
> TLD's which would never send mail. Not to mention any names, but I get
> a fair amount from .cn, .pl, .br and a few others. How could I reject
> mail based on a list of TLD's?
cn, pl and br never send mail? That's not true.
And are absolutely really sure you'll and/or your clients will never
have business with them? Anyway, I think it's absolutely wrong to block
whole countries.