Always Learning wrote:
>
> We want to block all emails sent from spamming servers like Microsoft
> ESMTP Mail Service.
>
>
> In ACL HELO how can one match the data in the HELO/EHLO line ? I want
> to match 'Microsoft ESMTP MAIL Service' and then drop or reject the
> connection.
>
>
> 220 galsrv1.galvatech.local Microsoft ESMTP MAIL Service, Version:
> 6.0.3790.4675 ready at Wed, 5 Sep 2012 03:29:41 +1000
>
>
> 220 adstudio.co.za Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675
> ready at Tue, 4 Sep 2012 19:31:48 +0200
>
>
> M$ ESMTP MAIL Service does not recognise 550 error codes sent by Exim.
> M$ thinks 550 means "try again to send the unwanted junk".
>
> The worse mail abusers, in my experience, use Microsoft ESMTP MAIL
> Service. We get about 150 mail attempts every day from each of the
> defective Microsoft ESMTP MAIL Service servers, day after day. Their
> owners and ISPs are ineffective at halting the abuse.
>
> Thank you.
>
>
Experiment with this before going TOO far.
Not ALL of those using EMM ASS tools are bad-actors, and blocking on
anyhting but the LAST MILE sending server is dodgy:
===
warn
logwrite = Traversing MS ESMTP test
regex = ^HELO:: .*Microsoft ESMTP MAIL
log_message = $sender_host_address matched MS ESMTP
===
CAVEAT: Half-vast adapted from a different test, and NOT TESTED.
Expect it will need correction from someone more expert than I.
But you get the drift.
FWIW, I just add the offending ISP to my LBL or their IP pool to the OS
FW tables.
Lower-resource tests than a regex, and less drivel in logs.
Bill
--
韓家標
