Hi,
I am receiving a bunch of stock spams (mostly in german). Their common
property seems to be a helo like [ip.add.re.ss].
I am thinking about an ACL like this one:
warn
condition = ${if
match{$sender_helo_name}{\N(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[0
1]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\N}{yes}{no}}
set acl_c1 = IP in HELO
set acl_c0 = Please set up a meaningful name in your HELO
(i.e. not containing an IP).
(with acl_c1 and acl_c0 set, the mail is rejected after rcpt in my config)
What do you think? An IP between [] delimiters is "legal" in rfc2821,
however I don't think many legit servers are using this kind of
configuration.
--
010100100110010101101110011000010111010101100100
010000010110110001101100011000010111001001100100
