Re: [exim] Forbid HELO

Page principale
Supprimer ce message
Répondre à ce message
Auteur: W B Hacker
Date:  
À: exim-users
Sujet: Re: [exim] Forbid HELO
Philip Hazel wrote:

> On Thu, 26 Oct 2006, Peter Bowyer wrote:
>
>
>>>250 xxx.net Hello xxx.net [82.230.172.234]
>>>
>>>HELO is still allowed. I really would like to deny it here.
>>
>>HELO support is a required part of SMTP, as has already been
>>explained. It's not possible, and not sensible, to disallow it.
>
>
> Well, it is possible, though I entirely agree that it is not sensible!
> You can check for HELO vs EHLO in an ACL.
>


Certainly a potential problem in public-facing smtp.

However, I can see a *perceived* value IF used ONLY within a de-facto 'private
email system'. Even so, several other Exim tools seem to be far better suited
to that use.

Rules for specific hostlists could include:

- requiring *specific* SSL/TLS cert matches

- arrival over specified VPN networks

- use (for internal LAN's) of non-routable IP's

and, of course, the 'general case' - that of using, instead of port 25, port 24
- which was set aside for that purpose [1] long ago - so as to segregate such
traffic from the 'rest of' the smtp arrivals.

Bill

[1]
                  24/udp     # any private mail system
                  24/tcp     # any private mail system