[exim] Helo Rules Help

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Wil Hatfield - HyperConX
Ημερομηνία:  
Προς: exim-users
Αντικείμενο: [exim] Helo Rules Help
Can anyone help me to iron out my helo rules? I have spent countless hours
and have learned simply that if it ain't one problem it is another.

check_helo:
# Deny helo names that don't include a . unless they are using port 587 or
in the whitelist_hosts_ip list
  deny message      = RFC2821 breach with ($sender_helo_name). Use SMTP port
587 instead.
       condition    = ${if and {{eq{$interface_port}{25}}{! match
{$sender_helo_name}{\N^[^.].*\.[^.]+$\N}}}}
       logwrite     = :panic: HELOVIO-2 helo:$sender_helo_name
ip:$sender_host_address host:$sender_host_name
       hosts        = ! +whitelist_hosts_ip


# Check simply that a helo is being sent and no attempts are being made to
send a "" blank.
  drop message      = RFC2821 breach polite hosts say HELO first. See RFC
2821 section 4.1.1.1
       condition    = ${if eq{$sender_helo_name}{}{1}{0}}
       logwrite     = :panic: HELOVIO-3 helo:$sender_helo_name
ip:$sender_host_address host:$sender_host_name
       hosts        = ! +whitelist_hosts_ip


# Check that plain IP isn't being sent either V4 or V6 - IP address without
[]
  drop message      = RFC2821 breach $sender_helo_name is an IP and not a
name
       condition    = ${if or {{ isip{$sender_helo_name}}{
isip6{$sender_helo_name}}}{1}{0}}
       logwrite     = :panic: HELOVIO-4 helo:$sender_helo_name
ip:$sender_host_address host:$sender_host_name
       hosts        = ! +whitelist_hosts_ip


# Check that helo isn't equal to the interface_address unless on port 587 or
in whitelist
  drop message      = Security breach $sender_helo_name is MY interface
address!
       condition    = ${if and {{
match{$sender_helo_name}{$interface_address}}{!
eq{$interface_port}{587}}}{0}{1}}
       logwrite     = :panic: HELOVIO-5 helo:$sender_helo_name
ip:$sender_host_address host:$sender_host_name
       hosts        = ! +whitelist_hosts_ip


# Check that helo isn't equal to localhost.localdomain unless on port 587 or
in whitelist
  drop message      = Security breach $sender_helo_name is one of MY names!
       condition    = ${if and {{
eq{$sender_helo_name}{localhost.localdomain}}{!
eq{$interface_port}{587}}}{1}{0}}
       logwrite     = :panic: HELOVIO-6 helo:$sender_helo_name
ip:$sender_host_address host:$sender_host_name
       hosts        = ! +whitelist_hosts_ip


# Check that helo isn't equal to just localhost unless on port 587 or in
whitelist
  drop message      = Security breach $sender_helo_name is one of MY names!
       condition    = ${if and {{ eq{$sender_helo_name}{localhost}}{!
eq{$interface_port}{587}}}{1}{0}}
       logwrite     = :panic: HELOVIO-7 helo:$sender_helo_name
ip:$sender_host_address host:$sender_host_name
       hosts        = ! +whitelist_hosts_ip


# Check that remote machine isn't claiming to be one of our domains
  drop message      = Security breach $sender_helo_name is one of MY names!
       condition    = ${lookup{$sender_helo_name}
lsearch{/etc/virtual/domains}{1}{0}}
       logwrite     = :panic: HELOVIO-8 helo:$sender_helo_name
ip:$sender_host_address host:$sender_host_name
       hosts        = ! +whitelist_hosts_ip
  accept



Any help is greatly appreciated.

BigWil

exim 4.67 daemon started: pid=48626, -q1h, listening for SMTP on port 25
(IPv4) port 587 (IPv4)