Dudi Goldenberg wrote:
> Hello list,
>
> I'm in the middle of configuring my first exim installation (Debian lenny) - I'm after two goals.
>
> One is to add some regexp checks to exim's HELO/EHLO checks, I have the following:
>
> acl_check_helo:
> accept hosts = @[] : @
> endpass
> deny message = FQHN Required.
> condition = ${if ! match {$sender_helo_name}{\N^[^.].*\.[^.]+$\N}}
> deny message = FQHN required. Address literals prohibited by local policy.
> condition = ${if match {$sender_helo_name} {^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\$|^\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]\$} {yes}{no}
> accept
>
> I'm trying to add some regex checks like:
> /^dsl.*\..*\..*/i 553 Rejected.
> /[ax]dsl.*\..*\..*/i 553 Rejected.
>
> The other thing is bypassing these checks for authenticated users.
>
> Authenticated users submit mail via the submission port (587) but I see the mail going through the EHLO/HELO checks.
Sounds like a challenge to figure them all out on your own. There's a
program around called DynaStop that has all the regex in it already and
a fairly extensive whitelist is availble. I haven't integrated it yet as
it doesn't fit with my setup but it does show significant promise (of
avoid me having to figure out all those regex on my own!!)
There is a pretty large chunk of the net that will match both with
DynaStop and lists like zen.spamhaus.org.
As soon as I have the time to figure out how to get DynaStop to simply
tell me if an IP is dynamic/generic or not and leave the greylisting and
other stuff to me, I throw it into the mix and see what I really think
of it.
--
The Exim Manual
http://www.exim.org/docs.html
http://www.exim.org/exim-html-current/doc/html/spec_html/index.html