Hello the list :
I've tried using this script in Exim in order to stop abusive mails received
from ADSL senders :
https://github.com/Exim/exim/wiki/Verification
drop message = Helo is ADSL or DIAL (HELO was $sender_helo_name)
and your ip $sender_host_address not is a MX/SPF of domain
<$sender_address_domain>
!senders = :
condition = ${if match
{$sender_helo_name}{\\d+\\.\\d+\\.\\d+\\.\\d+|\\d+-\\d+-\\d+-\\d+|host|dsl|d
ial|broad|band|user|dhcp|pool|client|cable|pppoe|hsd|dyn|static|ppp|speedy|c
ustomer}{yes}{no}}
!hosts = +ignore_defer : +ignore_unknown :
net-iplsearch;/etc/exim4/lst/skp_heloadsl
condition = ${if match_ip{$sender_host_address}{${lookup
dnsdb{>: defer_lax,a=${lookup dnsdb{>:
defer_lax,mxh=$sender_address_domain}}\}}\}{no}{yes}}
!spf = pass
delay = 45s
#-
drop message = Reverse verified ($sender_host_name) is ADSL or
DIAL, Helo $sender_helo_name not is $sender_host_address and your ip
$sender_host_address not is a MX/SPF of domain <$sender_address_domain>
!senders = :
condition = ${if def:sender_host_name {true}{false}}
condition = ${if match
{$sender_host_name}{\\d+\\.\\d+\\.\\d+\\.\\d+|\\d+-\\d+-\\d+-\\d+|host|dsl|d
ial|broad|band|user|dhcp|pool|client|cable|pppoe|hsd|dyn|static|ppp|speedy|c
ustomer}{yes}{no}}
!hosts = +ignore_defer : +ignore_unknown :
net-iplsearch;/etc/exim4/lst/skp_heloadsl
condition = ${if match_ip{$sender_host_address}{${lookup
dnsdb{>: defer_lax,a=${lookup dnsdb{>:
defer_lax,mxh=$sender_address_domain}}\}}\}{no}{yes}}
condition = ${if match_ip{$sender_host_address}{${lookup
dnsdb{>: defer_never,a=$sender_helo_name}\}}{no}{yes}}
!spf = pass
delay = 45s
#-
drop message = Reverse unchecked (${lookup dnsdb{>:
defer_never,ptr=$sender_host_address}\}) is ADSL or DIAL, Helo
$sender_helo_name not is $sender_host_address and your ip
$sender_host_address not is a MX/SPF of domain <$sender_address_domain>
!senders = :
condition = ${if def:sender_host_name {false}{true}}
condition = ${if match {${lookup dnsdb{>:
defer_never,ptr=$sender_host_address}}\}{\\d+\\.\\d+\\.\\d+\\.\\d+|\\d+-\\d+
-\\d+-\\d+|host|dsl|dial|broad|band|user|dhcp|pool|client|cable|pppoe|hsd|dy
n|static|ppp|speedy|customer}{yes}{no}}
!hosts = +ignore_defer : +ignore_unknown :
net-iplsearch;/etc/exim4/lst/skp_heloadsl
condition = ${if match_ip{$sender_host_address}{${lookup
dnsdb{>: defer_lax,a=${lookup dnsdb{>:
defer_lax,mxh=$sender_address_domain}}\}}\}{no}{yes}}
condition = ${if match_ip{$sender_host_address}{${lookup
dnsdb{>: defer_never,a=$sender_helo_name}\}}{no}{yes}}
!spf = pass
delay = 45s
And after 2 / 3 days I see a lot of these in my exim logs :
2013-02-06 15:53:05 H=host5.squallnetwork.net (ns7.squallnetwork.net)
[86.66.32.133] F=<exp@???> temporarily rejected RCPT
<rcpt@???>: failed to expand ACL string "${if
match_ip{$sender_host_address}{${lookup dnsdb{>: defer_lax,a=${lookup
dnsdb{>: defer_lax,mxh=$sender_address_domain}}\}}\}{no}{yes}}": missing or
misplaced { or }
2013-02-06 15:56:36 H=91.207.95.177.static.clanordns.net
(vs1430.cloud1.tdns.to) [91.207.95.177] F=<exp@???> temporarily
rejected RCPT <rcpt@???>: failed to expand ACL string "${if
match_ip{$sender_host_address}{${lookup dnsdb{>: defer_lax,a=${lookup
dnsdb{>: defer_lax,mxh=$sender_address_domain}}\}}\}{no}{yes}}": missing or
misplaced { or }
2013-02-06 16:08:05 H=host5.squallnetwork.net (ns7.squallnetwork.net)
[86.66.32.133] F=< exp@??? > temporarily rejected RCPT <
rcpt@??? >: failed to expand ACL string "${if
match_ip{$sender_host_address}{${lookup dnsdb{>:
defer_never,a=$sender_helo_name}\}}{no}{yes}}": missing or misplaced { or }
I've checked the condition lines concerned and either I'm mad, either I
don't see what's wrong.. For me brackets are well placed, and / or correctly
numbered in opening and closings..
Extend has been placed in file : 31_exim4-config_check_rcpt, and
/etc/exim4/lst/skp_heloadsl file exists and has content.
Any ideas are welcome..
Thanks by advance
Tugdual DE LASSAT
