> > 2008-12-21 18:22:57 1LESx5-0009ne-I2 <= terry@???
> > H=(62-30-39-110.cable.ubr02.wiga.blueyonder.co.uk) [62.30.39.110]:4254
> > I=[217.112.92.232]:25 P=esmtp S=3619 T="Hi, my lost love )" from
> > <terry@???> for terry@???
I greylist mail with such helo. See my ACL attached to
http://wiki.exim.org/DbLessGreyListingRun
An excerpt:
defer log_message = greylisted because `HELO $sender_helo_name` looks \
dynamic
condition = ${if match{$sender_helo_name}\
{\N(\d{1,3}[-.]){3}\d\N}}
condition = ${if !match{$sender_helo_name}{sta}}
set acl_c_grey_checked = deferred/greylisted because \
`HELO $sender_helo_name` looks like dynamic
message = $acl_c_grey_checked
set acl_c_grey_result = ${if exists{$acl_m_greyfile}\
{${if >{${eval:$tod_epoch-\
${extract{mtime}{${stat:$acl_m_greyfile}}}}}{180}{0}{1}}}\
{${if eq{${run{/usr/bin/touch $acl_m_greyfile}}}{}{1}{1}}}}
condition = $acl_c_grey_result
accept condition = ${if def:acl_c_grey_checked}
add_header = X-OOOOOOOOOOOOOOOOOOOOOOOOOO: passed greylisting helo dyn
logwrite = passed greylisting helo dyn \
${sg{$sender_rcvhost}{\N[\n\t]+\N}{\040}}
My ACLs perform also other checks. In practice they fend such spam off
before DATA, reducing bandwidth expence and load.
