Re: [exim] Blocking Microsoft ESMTP Mail Service

Author: Always Learning
Date:  
To: Exim
Subject: Re: [exim] Blocking Microsoft ESMTP Mail Service
Hi Mike,

I continue to be impressed by the splendid web documentation. It's great.

On Tue, 2012-09-04 at 19:42 +0100, exim-users@??? wrote:

> On 04/09/12 18:45, Always Learning wrote:
>
> > We want to block all emails sent from spamming servers like
> > Microsoft ESMTP Mail Service.
> >
> > In ACL HELO how can one match the data in the HELO/EHLO line ? I
> > want to match 'Microsoft ESMTP MAIL Service' and then drop or
> > reject the connection.
> >
> > 220 galsrv1.galvatech.local Microsoft ESMTP MAIL Service, Version:
> > 6.0.3790.4675 ready at Wed, 5 Sep 2012 03:29:41 +1000


> You're confusing the welcome banner with the helo. When a mailserver
> connects to yours and issues a HELO/EHLO it only sends its hostname.
> It doesn't send a string like "Microsoft ESMTP MAIL Service". You need
> to match on a header in the data acl instead.


Thanks. Of course. Too little sleep dulls my brain but not my dislike of
spammers et al.

I've used Bill's suggestion and placed it near the beginning of ACL SMTP
Connection:-

drop    hosts         = EXDIR/exim.2.h.drop
        log_message   = [AX1] $sender_host_address : $sender_host_name
        delay         = 5m


which works. [AX1] is a tag (or marker) used in Logwatch's Exim section
to identify these drops and produce a one line total quantity with
optional listing if required.

Thank you.

Paul.

--
Paul.
England,
EU.
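
Added example, not part of the original message and not Logwatch's own code: a small tally of the [AX1] drops described above, giving a one-line total with an optional per-host listing. The function names and the sample log lines are assumptions constructed for illustration; only the "[AX1] $sender_host_address : $sender_host_name" portion follows the log_message shown in the post.

```python
import re
from collections import Counter

# Matches the post's log_message: "[AX1] $sender_host_address : $sender_host_name".
# The address may be IPv6 (it contains colons), so the fields are split on
# " : " rather than on ":". $sender_host_name expands to an empty string when
# no reverse lookup has succeeded, so the name part is optional.
def make_pattern(tag):
    return re.compile(re.escape(tag) + r"\s+(?P<ip>\S+) :[ \t]*(?P<name>\S*)")

def tally_drops(lines, tag="[AX1]"):
    """Return (total, Counter keyed by (ip, hostname)) for lines carrying tag."""
    pattern = make_pattern(tag)
    per_host = Counter()
    for line in lines:
        m = pattern.search(line)
        if m:
            per_host[(m.group("ip"), m.group("name") or "-")] += 1
    return sum(per_host.values()), per_host

def report(lines, tag="[AX1]", listing=False):
    """One-line total, followed by a per-host listing when listing=True."""
    total, per_host = tally_drops(lines, tag)
    out = [f"{tag} connections dropped: {total}"]
    if listing:
        for (ip, name), count in per_host.most_common():
            out.append(f"  {count:5d}  {ip}  {name}")
    return "\n".join(out)

# Constructed sample lines (documentation addresses); the text before the tag
# is illustrative only and is not matched by the pattern.
SAMPLE = [
    '2012-09-05 03:29:41 H=mail.example.net [192.0.2.10] rejected connection '
    'in "connect" ACL: [AX1] 192.0.2.10 : mail.example.net',
    '2012-09-05 03:35:12 H=mail.example.net [192.0.2.10] rejected connection '
    'in "connect" ACL: [AX1] 192.0.2.10 : mail.example.net',
    '2012-09-05 03:40:07 H=[2001:db8::25] rejected connection '
    'in "connect" ACL: [AX1] 2001:db8::25 : ',
    '2012-09-05 03:41:02 1T8xyz-0001Ab-CD <= user@example.org '
    'H=mx.example.org [198.51.100.7] P=esmtp S=1234',
]

if __name__ == "__main__":
    print(report(SAMPLE, listing=True))
```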