I am trying to reject a delivery based on the sender's helo name. I
get many concurrent connections where the helo consistently has the
same format (displaying a domain name for instance). So, I am
guessing these are mass mailing systems that don't bother altering
the helo.
I have smtp_accept_max_per_host = 5 to limit connections from the
same IP and still they insist by getting a different IP and using up
their five connections. Can't see how this can be anything other than
spam. I could restrict the IP at acl connect but want to be less
strict in this case, so I set up a deny at acl helo as follows:
# deny message = Your email has been rejected probably because your domain has been sending spam.
# log_message = HELO in reject_helo list
# condition = ${lookup {$sender_helo_name} \
# lsearch{/etc/exim/reject_helo} \
# {yes}{no}}
where /etc/exim/reject_helo contains, one per line: *baddomain1.com
*baddomain2.com, etc.
However, when I run a mock SMTP connection with, for instance,
exim -bh 192.168.11.22 and do EHLO baddomain1.com, I get
>>> deny: condition test failed
>>> processing "deny"
>>> check condition = ${lookup {$sender_helo_name} lsearch{/etc/exim/reject_helo} {yes}{no}}
>>> = no
>>> deny: condition test failed
Is the condition set up properly, or am I approaching the issue in a
wrong way?
Thanks for the help.
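
Added example, not part of the original post: the posted condition next to a wildlsearch variant, assuming the same /etc/exim/reject_helo file with entries such as *baddomain1.com. lsearch compares the lookup key with each file key as a literal string, while wildlsearch treats a leading * in a file key as "ends with".

```exim
# Added example (not from the original post). Assumes the file path and
# the "*baddomain1.com" style entries described in the post.

# As posted: with lsearch the file key "*baddomain1.com" is a literal
# string, so it only matches a HELO that is exactly "*baddomain1.com".
# EHLO baddomain1.com therefore yields "no".
#
#   condition = ${lookup {$sender_helo_name} \
#                 lsearch {/etc/exim/reject_helo} {yes}{no}}

# wildlsearch reads each file key as a pattern: a leading "*" means
# "ends with", a leading "^" starts a regular expression. File keys are
# string-expanded before matching; nwildlsearch is the same lookup
# without that expansion, which suits a file of plain domain patterns.
deny
  message     = Your email has been rejected probably because your domain has been sending spam.
  log_message = HELO in reject_helo list
  condition   = ${lookup {$sender_helo_name} \
                  nwildlsearch {/etc/exim/reject_helo} {yes}{no}}

# Caveat: "*baddomain1.com" also matches any HELO that merely ends in
# that string (for example "notbaddomain1.com"). To limit an entry to
# the domain and its subdomains, a regular-expression key can be used:
#   ^(.+\.)?baddomain1\.com$
```

Re-running the exim -bh 192.168.11.22 session from the post with EHLO baddomain1.com shows whether the condition now evaluates to yes.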