Re: [exim] Punishing malformed HELO at acl_smtp_rcpt level?

Top Page
Delete this message
Reply to this message
Author: Ian Eiloart
Date:  
To: Mike Meredith, exim-users
Subject: Re: [exim] Punishing malformed HELO at acl_smtp_rcpt level?


--On 10 January 2007 13:12:54 +0000 Mike Meredith
<mike.meredith@???> wrote:

> Sometime around Wed, 10 Jan 2007 11:45:13 +0000, it may be that Ian
> Eiloart wrote:
>> > acl_smtp_rcpt = check_recipient_${if eq {$interface_port}{25}
>> > {mta}{msa}}
>>
>> What about people doing message submission on port 25? The fact that
>> you provide port 587 for MSA doesn't mean that people are bound to
>> use it.
>
> I provided an example of how *I* do it, and we do insist that people do
> message submission on 587 (and 465) ... we've long maintained that we
> do not support users submitting directly to tcp/25 because of the
> stringent checking that goes on there.
>
>> We provide MSA on a different set of IP addresses. It certainly keeps
>> our MSA logs clear of spam rejections, cos spammers don't even
>> attempt to connect to our MSA server - even on port 25!
>
> You could still do different ACLs for different interface addresses.


I do. In fact, I have different configuration files completely for these
reasons:

1. Screwing up the MX config simply causes inbound mail to be queued
remotely (except the spam, which magically goes away!). However, I need to
do it quite often because of changing spam requirements.

2. Screwing up the MSA config causes my users pain, but I don't often need
to do it because it doesn't contain any spam filtering (it does filter
viruses, though).


--
Ian Eiloart
IT Services, University of Sussex