[exim] Spam with IP like HELO

Top Page
This message is part of the following thread:
M-+\the complete thread tree sorted by date
M\MM 
MMMKjetil Torgrim Homme at ->
Delete this message
Reply to this message
Author: Renaud Allard
Date:  
To: exim users
Subject: [exim] Spam with IP like HELO
Hi, 

I am receiving a bunch of stock spams (mostly in german). Their common
property seems to be a helo like [ip.add.re.ss].
I am thinking about an ACL like this one:
        warn
        condition       = ${if
match{$sender_helo_name}{\N(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[0
1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\N}{yes}{no}}
        set acl_c1      = IP in HELO
        set acl_c0      = Please set up a meaningful name in your HELO
(i.e. not containing an IP).



(with acl_c1 and acl_c0 set, the mail is rejected after rcpt in my config)

What do you think? An IP between [] delimiters is "legal" in rfc2821,
however I don't think many legit servers are using this kind of
configuration.


--
010100100110010101101110011000010111010101100100
010000010110110001101100011000010111001001100100
This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Exim gets constantly the same mail, sent from ourcustomer (gagabay)Re: [exim] Spam with IP like HELO->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)