Re: [exim] Blocking Microsoft ESMTP Mail Service

Author: Always Learning
Date:  
To: Exim
Subject: Re: [exim] Blocking Microsoft ESMTP Mail Service

Hi Bill,

On Tue, 2012-09-04 at 17:57 +0000, W B Hacker wrote:

> Always Learning wrote:
> >
> > In ACL HELO how can one match the data in the HELO/EHLO line ? I want
> > to match 'Microsoft ESMTP MAIL Service' and then drop or reject the
> > connection.
> >
> > 220 galsrv1.galvatech.local Microsoft ESMTP MAIL Service, Version:
> > 6.0.3790.4675 ready at Wed, 5 Sep 2012 03:29:41 +1000
> >
> > 220 adstudio.co.za Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675
> > ready at Tue, 4 Sep 2012 19:31:48 +0200



> Experiment with this before going TOO far.


I've got 4 mail servers I can play with.

> Not ALL of those using EMM ASS tools are bad-actors, and blocking on
> anything but the LAST MILE sending server is dodgy:
>
> ===
>
> warn
>     logwrite    = Traversing MS ESMTP test
>     regex       = ^HELO:: .*Microsoft ESMTP MAIL
>     log_message = $sender_host_address matched MS ESMTP
> ===

>
> CAVEAT: Half-vast adapted from a different test, and NOT TESTED.
>
> Expect it will need correction from someone more expert than I.
>
> But you get the drift.
>
> FWIW, I just add the offending ISP to my LBL or their IP pool to the OS
> FW tables.
>
> Lower-resource tests than a regex, and less drivel in logs.


What I ideally sought was a once-off solution. Your interesting regex
examines all the headers in the DATA ACL. I was seeking something which
examines the incoming HELO line in the HELO ACL.

If I can't find it, will probably go for the address block blocking in
IPT.

Thanks,

Paul.




--
Paul.
England,
EU.
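
Added example, not part of the original message and not Exim's shipped configuration: a log-only test run from the HELO ACL. That ACL sees only the name the client sends after HELO/EHLO ($sender_helo_name); the 220 greeting quoted above is what a host sends when it is connected to, so it is not available there. The ACL name acl_check_helo and the .local pattern (taken from the first sample host name above) are assumptions for illustration.

```exim
# Main configuration section: run this ACL on every HELO/EHLO command.
acl_smtp_helo = acl_check_helo

# An existing configuration already has this line; add the ACL below it.
begin acl

acl_check_helo:

  # Log-only first, so false positives show up before anything is refused.
  # $sender_helo_name is the argument of the client's HELO/EHLO command.
  # \N...\N stops Exim expanding the regex; (?i) makes it case-insensitive.
  # The pattern is a constructed sample, not a recommended blocklist.
  warn
    condition   = ${if match{$sender_helo_name}{\N(?i)\.local$\N}}
    log_message = HELO name $sender_helo_name from $sender_host_address matched test pattern

  # After reviewing the log, "warn" can be changed to "deny" together with:
  #   message = HELO name not accepted

  accept
```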