[exim] Spam with IP like HELO

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Gregg Lain
Datum:  
To: exim-users
Betreff: [exim] Spam with IP like HELO
Thanks for posting this - I read about in fact breaking the RFC and
blocking anyone that uses an IP for a HELO at junkemailfilter.com and
like it.

I do outgoing email for a client and comcast blocked me because my
reverse was not set-up - migrated servers.. (fixed now)...

So with that big of a customer using strict controls plus
junkemailfilter.com
using IP based HELO blocking, set this in exim.conf and its great -
so far lots of stuff blocked, and if a host is legitimate it ought not be
sending an IP for a HELO nowadays anyhow.

drop
    condition  = ${if and {{match 
{$sender_helo_name}{\N^\[(.+)\]$\N}}{isip4 {$1}}}{true}{false}}
    message     = Access denied - IP based HELO not allowed. (violates 
RFC2821 4.1.3)


This also drops HELO like H=201.130.163.110.dsl.dyn.telnor.net
.. need to fix this for those that use this server for outgoing and run
into this, but I expect not many.

I am new to exim - from postfix camp - love the fact regex can be used -
look forward to learning..

/Gregg
begin:vcard
fn:Gregg Lain
n:Lain;Gregg
email;internet:gregg@???
title:Mochabomb - Web Design + Hosting for Geeks
tel;cell:415-577-5758
url:mochabomb.com
version:2.1
end:vcard