Hi Mike,
I continue to be impressed by the splendid web documentation. Its great.
On Tue, 2012-09-04 at 19:42 +0100, exim-users@??? wrote:
> On 04/09/12 18:45, Always Learning wrote:
>
> > We want to block all emails sent from spamming servers like
> > Microsoft ESMTP Mail Service.
> >
> > In ACL HELO how can one match the data in the HELO/EHLO line ? I
> > want to match 'Microsoft ESMTP MAIL Service' and then drop or
> > reject the connection.
> >
> > 220 galsrv1.galvatech.local Microsoft ESMTP MAIL Service, Version:
> > 6.0.3790.4675 ready at Wed, 5 Sep 2012 03:29:41 +1000
> You're confusing the welcome banner with the helo. When a mailserver
> connects to yours and issues a HELO/EHLO it only sends its hostname.
> It doesn't send a string like "Microsoft ESMTP MAIL Service". You need
> to match on a header in the data acl instead.
Thanks. Of course. Too little sleep dulls my brain but not my dislike of
spammers et al.
I'm used Bill's suggestion and placed near the beginning of ACL SMTP
Connection:-
drop hosts = EXDIR/exim.2.h.drop
log_message = [AX1] $sender_host_address : $sender_host_name
delay = 5m
which works. [AX1] is a tag (or marker) used in Logwatch's Exim section
to identify these drops and produce a one line total quantity with
optional listing if required.
Thank you.
Paul.
--
Paul.
England,
EU.
