Re: [exim] Blocking HELO with IP, but not for autenticated u…

Top Pagina
Delete this message
Reply to this message
Auteur: Phil Pennock
Datum:  
Aan: Luca Bertoncello
CC: Exim Users ML
Onderwerp: Re: [exim] Blocking HELO with IP, but not for autenticated users
On 2007-06-08 at 11:07 +0200, Luca Bertoncello wrote:
> Another problem: I'd like to block the HELO/EHLO with IPs or not FQDN, but I
> MUST allow this for all my autenticated users...
>
> I want to reject these E-Mail as soon as possible.
> Has Exim an ACL that be called after "MAIL FROM"?


Yes; you can find a quick list of all of the ACLs in section 40.2 of The
Exim Specification (spec.txt which came with your Exim). These are also
listed in the policy controls in section 14.11 of spec.txt.

You'll also want to read section 40.16 on ACL variables.

> If yes, then I can reject the E-Mail with invalid HELO/EHLO and not
> autenticated direct after MAIL FROM...


In your authenticators use server_set_id to set $authenticated_id.

Use the ACL run at HELO time to set a connection ACL variable (acl_c*);
with a recent enough Exim this can be named (acl_c_helo_was_ip),
otherwise you'll need to allocate a number in your configuration
(acl_c0). Give it a value of "yes" or "no".

In the ACL run at SMTP MAIL time, reject based on two conditions.

  deny   message = Go away, foul fiend
       condition = $acl_c_helo_was_ip
       condition = ${if eq{$authenticated_id}{}}


Please remember that some broken mail senders do not deal well with a
mail-system which rejects at MAIL time, so you might be better off
rejecting at RCPT time instead.

-Phil