Re: [exim] where is this mail coming from?

Author: Tony Finch
Date:  
To: exim-users
CC: Jeff Lasman
Subject: Re: [exim] where is this mail coming from?
On Mon, 11 Feb 2008, Phil Pennock wrote:
>
> The second ACL:
>   * accepts any HELO/EHLO supplied from the local host
>   * rejects any HELO/EHLO which is an IP address where that IP address
>     belongs to your local host
>   * accepts any other HELO/EHLO


I recommend a stricter HELO check.

  deny
    message        = Polite people say HELO first
    condition      = ${if !def:sender_helo_name }
  deny
    message        = Please use your name when saying HELO (not $sender_helo_name)
    condition      = ${if or{{ eq{$ACL_HELO}{bad} } \
                             { eq{$sender_helo_name}{$local_part} } \
                             { match{$sender_helo_name}{^[0-9.-]+\$} } \
                             { match{$sender_helo_name}{\N[.][.]|.{55}\N} } \
                             { match_domain{$sender_helo_name}{+our_domains} }} }
    set ACL_HELO   = bad


This rejects email from hosts that
(a) omit HELO and EHLO
(b) say HELO joe / MAIL FROM:<whatever> / RCPT TO:<joe@whatever>
(c) say HELO <anything numeric, including IP addresses>
(d) say HELO <anything containing a double dot or that is very long>
(e) say HELO <any of our domains>

Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
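
Added example, not part of the message above or of Exim itself: a Python model of the two deny statements, for replaying HELO names and recipients taken from logs before enabling the ACL. `OUR_DOMAINS` and the sample addresses are constructed, `helo_rule` and `replay` are hypothetical names, and `ACL_HELO` is assumed to expand to a connection-scoped ACL variable.

```python
import re

# Constructed stand-in for the +our_domains list (assumed to hold plain names only).
OUR_DOMAINS = {"example.org", "mail.example.org"}

NUMERIC = re.compile(r"^[0-9.-]+$")         # rule (c): digits, dots and hyphens only
DOTS_OR_LONG = re.compile(r"[.][.]|.{55}")  # rule (d): double dot, or 55+ characters


def helo_rule(helo, local_part):
    """Return the letter (a)-(e) of the first rule that rejects, or None."""
    if not helo:
        return "a"                          # no HELO/EHLO was sent
    if helo == local_part:                  # Exim eq{} is a case-sensitive compare
        return "b"
    if NUMERIC.search(helo):
        return "c"
    if DOTS_OR_LONG.search(helo):
        return "d"
    if helo.lower() in OUR_DOMAINS:         # domain list matching ignores case
        return "e"
    return None


def replay(helo, recipients):
    """Verdict for each RCPT in one session, modelling 'set ACL_HELO = bad'."""
    bad, verdicts = False, []
    for rcpt in recipients:
        rule = helo_rule(helo, rcpt.split("@", 1)[0])
        if rule == "a":
            verdicts.append((rcpt, "deny (a)"))
        elif bad:                           # flag set by an earlier RCPT stays set
            verdicts.append((rcpt, "deny (flagged)"))
        elif rule:
            bad = True
            verdicts.append((rcpt, "deny (%s)" % rule))
        else:
            verdicts.append((rcpt, "accept"))
    return verdicts


if __name__ == "__main__":
    # Constructed session: rule (b) only fires once the matching recipient arrives.
    for rcpt, verdict in replay("joe", ["bob@example.net", "joe@example.net",
                                        "amy@example.net"]):
        print(rcpt, verdict)
```

In the constructed session the first recipient is accepted because rule (b) depends on `$local_part`; once it fires, the flag rejects every later recipient. The rule (c) pattern covers bare digit, dot and hyphen strings, so a bracketed address literal such as `[192.0.2.1]` is not matched by it.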