[exim] How do adjust this..

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MM 
MNigel Metheringham at ->
Delete this message
Reply to this message
Author: B. Cook
Date:  
To: Exim users list
Subject: [exim] How do adjust this..
Hello,

I've started seeing a lot of this, and I'm not sure why they are being
terminated at the helo/ehlo check as I try and do everything at rcpt time..

the 84.174.86.75 host is listed in spamhaus (xbl-sbl) and would get
caught in a different part of the config and be denied by that.. but
instead b/c they are being dropped at helo, they have to get caught in
the ratelimit checks and denied that way.. (if that makes sense..) how
can I allow them to continue on in their conversation, as to find out
who they are trying to come from or send to and then disconnect them.
Again if that makes sense..

I guess what I'm looking for is if I have acl_check_helo to accept, why
did it get denied?
exim -bP | grep helo
acl_smtp_helo = acl_check_helo
helo_accept_junk_hosts =
helo_allow_chars =
helo_lookup_domains = @ : @[]
helo_try_verify_hosts =
helo_verify_hosts =

2006-10-19 09:41:08 SMTP connection from [84.174.86.75]:4226
I=[1.2.3.4]:25 (TCP/IP connection count = 14)
2006-10-19 09:41:09 rejected EHLO from [84.174.86.75]:4226
I=[1.2.3.4]:25: syntactically invalid argument(s):
|http://mail.oldartero.com:8888/cgi-bin/put
2006-10-19 09:41:10 rejected HELO from [84.174.86.75]:4226
I=[1.2.3.4]:25: syntactically invalid argument(s):
|http://mail.oldartero.com:8888/cgi-bin/put
2006-10-19 09:41:10 SMTP call from [84.174.86.75]:4226 I=[1.2.3.4]:25
dropped: too many syntax or protocol errors (last command was "HELO
|http://mail.oldartero.com:8888/cgi-bin/put")

###
### START ACL HELO ###
###
acl_check_helo:
accept

###
### START ACL RCPT
###
acl_check_rcpt:

... 

# helo check
drop message   = sorry, that helo looks like an ip address $sender_helo_name
  condition     = ${if isip {$sender_helo_name}{true}{false}}
  log_message   = IP HELO


drop message    = sorry, that helo looks forged $sender_helo_name
  condition      = ${lookup {${lc:$sender_helo_name}} 
cdb{EXIM_DIR/cdb/forged_helos.cdb}{yes} \
                  {${lookup {${lc:$sender_helo_name}} 
cdb{EXIM_DIR/cdb/rcpthosts.cdb}{yes}{no}}}}
  log_message    = Forged HELO
# end helo checks


I would also be ok with "don't worry about it, it's fine.."
:)

Thanks in advance..


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] conducive.orgRe: [exim] conducive.org->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)