[exim] Filter spam by ACL from FAQ

Top Page
Delete this message
Reply to this message
Author: Фадеев Виталий Львович
Date:  
To: exim-users
Subject: [exim] Filter spam by ACL from FAQ
Hi!
Please, write proper ACL to FAQ:

https://github.com/Exim/exim/wiki/AclHeloTricks

HELO contain a IP part
drop   message        = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid
       condition      = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}}
       condition      = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}}{$sender_helo_name}{no}{yes}}
       delay          = 45s


HELO contain my domains, subdomains or my interface by dns lookup

drop   message        = No you are not ME or OURS (HELO was $sender_helo_name and equal my interface hostname)
       condition      = ${if !def:interface_address {no}{yes}}
       condition      = ${if match_ip{$interface_address}{${lookup dnsdb{>: defer_never,a=$sender_helo_name}}}{yes}{no}}
       delay          = 45s


HELO not contain a full host (ex: host.domain.com)
drop   message        = Invalid domain or IP given in HELO/EHLO (HELO was $sender_helo_name)
       condition      = ${if match{$sender_helo_name}{.+\\\..+\\\..+}{no}{yes}}
       !authenticated = *
       !senders       = wildlsearch;/etc/exim4/lst/skp_helodot
       !hosts         = +ignore_defer : +ignore_unknown : +relay_from_hosts : net-iplsearch;/etc/exim4/lst/skp_heloadsl
       condition      = ${if match_ip{$sender_host_address}{${lookup dnsdb{>: defer_lax,a=${lookup dnsdb{>: defer_lax,mxh=$sender_address_domain}}}}}{no}{yes}}
       delay          = 45s
https://github.com/Exim/exim/wiki/Verification


Contain ADSL in reverse, checked or unchecked

drop   message          = Helo is ADSL or DIAL (HELO was $sender_helo_name) and your ip $sender_host_address not is a MX/SPF of domain <$sender_address_domain>
         !senders       = :
         condition      = ${if match {$sender_helo_name}{\N\d+\.\d+\.\d+\.\d+|\d+-\d+-\d+-\d+|host|dsl|dial|broad|band|user|dhcp|pool|client|cable|pppoe|hsd|dyn|static|ppp|speedy|customer\N}{yes}{no}}
         !hosts         = +ignore_defer : +ignore_unknown : net-iplsearch;/etc/exim4/lst/skp_heloadsl
         condition      = ${if match_ip{$sender_host_address}{${lookup dnsdb{>: defer_lax,a=${lookup dnsdb{>: defer_lax,mxh=$sender_address_domain}}}}}{no}{yes}}
         !spf           = pass
         delay          = 45s


drop   message          = Reverse verified ($sender_host_name) is ADSL or DIAL, Helo $sender_helo_name not is $sender_host_address and your ip $sender_host_address not is a MX/SPF of domain <$sender_address_domain>
         !senders       = :
         condition      = ${if def:sender_host_name {true}{false}}
         condition      = ${if match {$sender_host_name}{\N\d+\.\d+\.\d+\.\d+|\d+-\d+-\d+-\d+|host|dsl|dial|broad|band|user|dhcp|pool|client|cable|pppoe|hsd|dyn|static|ppp|speedy|customer\N}{yes}{no}}
         !hosts         = +ignore_defer : +ignore_unknown : net-iplsearch;/etc/exim4/lst/skp_heloadsl
         condition      = ${if match_ip{$sender_host_address}{${lookup dnsdb{>: defer_lax,a=${lookup dnsdb{>: defer_lax,mxh=$sender_address_domain}}}}}{no}{yes}}
         condition      = ${if match_ip{$sender_host_address}{${lookup dnsdb{>: defer_never,a=$sender_helo_name}}}{no}{yes}}
         !spf           = pass
         delay          = 45s


drop   message          = Reverse unchecked (${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}) is ADSL or DIAL, Helo $sender_helo_name not is $sender_host_address and your ip $sender_host_address not is a MX/SPF of domain <$sender_address_domain>
         !senders       = :
         condition      = ${if def:sender_host_name {false}{true}}
         condition      = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}}{\N\d+\.\d+\.\d+\.\d+|\d+-\d+-\d+-\d+|host|dsl|dial|broad|band|user|dhcp|pool|client|cable|pppoe|hsd|dyn|static|ppp|speedy|customer\N}{yes}{no}}
         !hosts         = +ignore_defer : +ignore_unknown : net-iplsearch;/etc/exim4/lst/skp_heloadsl
         condition      = ${if match_ip{$sender_host_address}{${lookup dnsdb{>: defer_lax,a=${lookup dnsdb{>: defer_lax,mxh=$sender_address_domain}}}}}{no}{yes}}
         condition      = ${if match_ip{$sender_host_address}{${lookup dnsdb{>: defer_never,a=$sender_helo_name}}}{no}{yes}}
         !spf           = pass
         delay          = 45s


https://github.com/Exim/exim/wiki/AclSmtpData

Fake my message ID domain or subdomain

drop   message        = No you are not ME or OURS (Message-ID was ${domain:$h_Message-ID:} and equal my interface hostname)
       !hosts         = +relay_from_hosts : +relay_mx_hosts
       condition      = ${if !def:interface_address {no}{yes}}
       condition      = ${if !def:h_message-id: {no}{yes}}
       condition      = ${if match_ip{$interface_address}{${lookup dnsdb{>: defer_never,a=${domain:$h_Message-ID:}}}}{yes}{no}}
       delay          = 45s