Re: [exim] Mail claims to be sent by my self

Top Page
Delete this message
Reply to this message
Author: Lena
Date:  
To: exim-users
Subject: Re: [exim] Mail claims to be sent by my self
> > 2008-12-21 18:22:57 1LESx5-0009ne-I2 <= terry@???
> > H=(62-30-39-110.cable.ubr02.wiga.blueyonder.co.uk) [62.30.39.110]:4254
> > I=[217.112.92.232]:25 P=esmtp S=3619 T="Hi, my lost love )" from
> > <terry@???> for terry@???


I greylist mail with such helo. See my ACL attached to
http://wiki.exim.org/DbLessGreyListingRun
An excerpt:

  defer  log_message = greylisted because `HELO $sender_helo_name` looks \
                       dynamic
         condition = ${if match{$sender_helo_name}\
                               {\N(\d{1,3}[-.]){3}\d\N}}
         condition = ${if !match{$sender_helo_name}{sta}}
         set acl_c_grey_checked = deferred/greylisted because \
                                  `HELO $sender_helo_name` looks like dynamic
         message = $acl_c_grey_checked
         set acl_c_grey_result = ${if exists{$acl_m_greyfile}\
           {${if >{${eval:$tod_epoch-\
           ${extract{mtime}{${stat:$acl_m_greyfile}}}}}{180}{0}{1}}}\
           {${if eq{${run{/usr/bin/touch $acl_m_greyfile}}}{}{1}{1}}}}
         condition = $acl_c_grey_result


  accept condition = ${if def:acl_c_grey_checked}
         add_header = X-OOOOOOOOOOOOOOOOOOOOOOOOOO: passed greylisting helo dyn
         logwrite = passed greylisting helo dyn \
                    ${sg{$sender_rcvhost}{\N[\n\t]+\N}{\040}}


My ACLs perform also other checks. In practice they fend such spam off
before DATA, reducing bandwidth expence and load.