Re: [exim] verify = helo, PTR record lookup

Author: Giuliano Gavazzi
Date:  
To: Thomas Jacob
CC: exim-users
New-Topics: [exim] Badness-Scoring (was Re: verify = helo, PTR record lookup)
Subject: Re: [exim] verify = helo, PTR record lookup

On 12 Jun 2007, at 17:15, Thomas Jacob wrote:
> I use it to exempt MTAs with a valid helo string from some other
> processing, and for that a check helo str=simple reverse lookup
> would be nice thing to have.
>
> Is there perhaps a way to achieve this using other Exim features?



With Exim you can do all sorts of funky DNS lookups.
For an example of absolutely hermetical use of dns lookups see (I am
not good at comments...):

# DNS TESTS
# acl_c16 (uses also acl_c15)
# find the peer ($sender_host_address) in-addr.arpa zone NS records
# and add 3 points (for now) if this fails like for many misconfigured servers
warn    !authenticated = *
         set acl_c15 = ${lookup dnsdb{cname=${if match {$sender_host_address}\
                         {\N^(\d+)\.(\d+)\.(\d+)\.(\d+)$\N}\
                         {$4.$3.$2.$1.in-addr.arpa}fail}}{$value}{none}}
         condition = ${if !eq{$acl_c15}{none}}
         set acl_c15 = ${if match {$acl_c15}{\N^(\d+)\.(.+)$\N}{$2}fail}
         set acl_c15 = ${lookup dnsdb{ns=$acl_c15}{$value}{none}}




warn    !authenticated = *
         condition = ${if eq{$acl_c15}{none}}
         set acl_c15 = ${lookup dnsdb{defer_lax,zns=${if match {$sender_host_address}\
                         {\N^(\d+)\.(\d+)\.(\d+)\.(\d+)$\N}\
                         {$3.$2.$1.in-addr.arpa}fail}}{$value}{none}}



#add points for misconfigured servers (they should give NODOMAIN!)
warn    !authenticated = *
         set acl_c15 = ${tr {$acl_c15}{\r\n}{\ }}
         condition = ${if eq{$acl_c15}{none}}
         set acl_c16 = 3


# from now on acl_c15 contains a list of the NS records of the in-addr.arpa zone of the peer

# add point for bad servers
warn    !authenticated = *
         condition = ${if match {$acl_c15}{\.cn\ }{yes}{no}}
         set acl_c16 = 3


# be nasty to bad domains in NS record
warn    !authenticated = *
         condition = ${if match {$acl_c15}{\N(?i)(xo\.com|terraempresas\.com\.br)$\N}{yes}{no}}
         set acl_c16 = 5


warn    !authenticated = *
         condition = ${if match {$acl_c15}{\N(?i)(ecircle\.de|cn\.ad\.jp|rackspace\.com|mail\.ru|mtu\.ru)$\N}{yes}{no}}
         set acl_c16 = 7
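
An added example, not part of the original post and not its author's code: one way to do the plain "HELO string equals reverse lookup" comparison asked about in the quoted question, written in the same style as the statements above. The variable acl_c14 and the flag value helo_is_ptr are names chosen for this example, and it assumes an Exim release that has the forany condition.

```exim
# HELO vs. PTR check (added example, hypothetical variable acl_c14)
# Step 1: fetch every PTR name of the peer as a colon-separated list
#         (">:" sets the output separator; empty string if there is no PTR).
# Step 2: succeed if any PTR name equals the HELO name, ignoring case.
# Step 3: only then overwrite acl_c14 with the flag value.
# If step 2 fails, acl_c14 keeps the PTR list, which never equals the flag.
warn    !authenticated = *
        set acl_c14 = ${lookup dnsdb{>: ptr=$sender_host_address}{$value}{}}
        condition = ${if forany{$acl_c14}{eqi{$item}{$sender_helo_name}}}
        set acl_c14 = helo_is_ptr

# Later statements can test the flag, for example to log peers that
# do not qualify for the exemption.
warn    !authenticated = *
        condition = ${if !eq{$acl_c14}{helo_is_ptr}}
        log_message = HELO $sender_helo_name is not a PTR name of $sender_host_address
```

The PTR record is published by whoever controls the reverse zone of the peer's address, so a match shows only that HELO and PTR agree, not that the name resolves back to the connecting address.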