Re: [exim] A riddle: What HELO/EHLO does remote host send?

Top Page
Delete this message
Reply to this message
Author: W B Hacker
Date:  
To: Exim users mailing list
Subject: Re: [exim] A riddle: What HELO/EHLO does remote host send?
Alexander Shikoff wrote:
> Hello,
>
> To discover some strange issue I've put some additional logging into HELO
> and RCPT ACLs:
>
> acl_check_helo:
>     deny
>         # reject IP-addresses IN HELO/EHLO
>                 message = Bad HELO/EHLO
>                 condition = ${lookup{$sender_helo_name}nwildlsearch{BL_BAD_HELO}{yes}{no}}

>
> acl_check_rcpt:
>         warn
>                 logwrite = ---$sender_host_address/$sender_helo_name---
>     [...]

>
> After that I got in log:
>
> Feb 2 14:31:59 crow exim[39322]: 2007-02-02 14:31:59 H=(201.250.198.147) [201.250.198.147] rejected EHLO or HELO 201.250.198.147: Bad HELO/EHLO
> Feb 2 14:32:01 crow exim[39322]: 2007-02-02 14:32:01 ---201.250.198.147/---
> Feb 2 14:32:05 crow exim[39322]: 2007-02-02 14:32:05 H=[201.250.198.147] F=<bjoern.wunderlich@???> rejected RCPT <info@???>: 201.250.198.147 listed by list.dsbl.org
>
> Now a riddle: what HELO did remote host send?!
> Any suggestions?
>


Change:

message = Bad HELO/EHLO

to:

message = Bad HELO/EHLO from $sender_helo_name

ELSE:

log_selector = +all

OR

log_selector = <your own '+' and '-' list of what you want logged/not>

Bill