Re: [exim] Blocking Microsoft ESMTP Mail Service

Author: W B Hacker
Date:
To: exim users
Subject: Re: [exim] Blocking Microsoft ESMTP Mail Service
Always Learning wrote:
>
> We want to block all emails sent from spamming servers like Microsoft
> ESMTP Mail Service.
>
>
> In ACL HELO how can one match the data in the HELO/EHLO line ? I want
> to match 'Microsoft ESMTP MAIL Service' and then drop or reject the
> connection.
>
>
> 220 galsrv1.galvatech.local Microsoft ESMTP MAIL Service, Version:
> 6.0.3790.4675 ready at Wed, 5 Sep 2012 03:29:41 +1000
>
>
> 220 adstudio.co.za Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675
> ready at Tue, 4 Sep 2012 19:31:48 +0200
>
>
> M$ ESMTP MAIL Service does not recognise 550 error codes sent by Exim.
> M$ thinks 550 means "try again to send the unwanted junk".
>
> The worst mail abusers, in my experience, use Microsoft ESMTP MAIL
> Service. We get about 150 mail attempts every day from each of the
> defective Microsoft ESMTP MAIL Service servers, day after day. Their
> owners and ISPs are ineffective at halting the abuse.
>
> Thank you.
>
>


Experiment with this before going TOO far.

Not ALL of those using EMM ASS tools are bad-actors, and blocking on
anything but the LAST MILE sending server is dodgy:

===

warn
    logwrite    = Traversing MS ESMTP test
    regex       = ^HELO:: .*Microsoft ESMTP MAIL
    log_message = $sender_host_address matched MS ESMTP


===

CAVEAT: Half-vast adapted from a different test, and NOT TESTED.

Expect it will need correction from someone more expert than I.

But you get the drift.

FWIW, I just add the offending ISP to my LBL or their IP pool to the OS
FW tables.

Lower-resource tests than a regex, and less drivel in logs.

Bill

--
韓家標
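
An added example, not part of the original message or of anyone's posted configuration: the two approaches discussed in this thread written as Exim ACLs. In a HELO ACL Exim exposes the argument the client gave to HELO/EHLO as `$sender_helo_name`; the `220 ... Microsoft ESMTP MAIL Service` lines quoted above are the greeting a server sends when it is connected to, so the sample pattern here tests the HELO name instead. The ACL names, the file path and the `.local` pattern are assumptions chosen for illustration.

```exim
# Added example. ACL names, file path and pattern are illustrative assumptions.

# --- main configuration section ---
acl_smtp_connect = acl_check_connect
acl_smtp_helo    = acl_check_helo

begin acl

acl_check_connect:
  # Local blocklist by address: the file holds one IP address or CIDR
  # range per line and must exist. This check runs at connection time,
  # before any SMTP command is read, and needs no regex.
  deny
    hosts       = /etc/exim/local_blocklist
    log_message = $sender_host_address is on the local blocklist

  accept

acl_check_helo:
  # $sender_helo_name is the name the client supplied on HELO/EHLO.
  # \N...\N stops Exim from expanding backslashes and dollar signs in
  # the regular expression; (?i) makes the match case-insensitive.
  # "warn" only writes to the log, so the pattern can be observed on
  # live traffic before it is changed to "deny" or "drop".
  warn
    condition   = ${if match{$sender_helo_name}{\N(?i)\.local$\N}}
    log_message = HELO $sender_helo_name from $sender_host_address matched test pattern

  accept
```

Running `exim -bh <ip-address>` starts a fake SMTP session from that address and shows which ACL statements fire, without delivering anything.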