On 09/01/07, Fionn Behrens <fionn@???> wrote:
>
> Hi all,
>
> I recently found this rule on the net and found it caught a lot of spam:
>
> deny message = Invalid HELO. You must be spam or a virus.
> log_message = HELO/EHLO invalid domain (no dot)
> condition = ${if match{$sender_helo_name}{\\.}{no}{yes}}
>
> Unfortunately (as if I could not have guessed that) it also prevents
> some of our customers from sending mail, who use dynamic IP and shitty
> MUAs from redmond.
> I am not the ultimate expert but to my knowledge smtp auth takes place
> after HELO, doesnt it? Would it be possible to set sort of a flag in
> this case of malformed HELO and recall it later at the acl_smtp_rcpt
> level? At that point I know whether I am talking to a "foreign" mail
> server or to a properly authenticated customers client and could shut up
> the former one.
You can move the HELO check to later in the ACLs - you don't have to
check it at HELO time - the $sender_helo_name variable is available
from the HELO ACL onwards. So your RCPT ACL could include
accept authenticated = *
deny message = Invalid HELO. You must be spam or a virus.
log_message = HELO/EHLO invalid domain (no dot)
condition = ${if match{$sender_helo_name}{\\.}{no}{yes}}
Peter
--
Peter Bowyer
Email: peter@???
