[exim] ACL for rejecting own host in HELO

Startseite
Nachricht löschen
Nachricht beantworten
Autor: AC
Datum:  
To: exim-users
Betreff: [exim] ACL for rejecting own host in HELO
I'm having some trouble setting up a rule in acl_check_mail to reject
remote hosts that HELO or announce their own host name with my own domain.

I currently have these as the last three rules of acl_check_mail:

  deny
    message = Invalid HELO
    condition = ${if
match_domain{$sender_helo_name}{+local_domains:+relay_to_domains}{yes}{no}}


  deny
    message = Invalid HELO
    condition = ${if
match_domain{${extract{-3}{.}{$sender_helo_name}}.${extract{-2}{.}{$sender_helo_name}}.${extract{-1}{.}{$sender_helo_name}}}{+local_domains:+relay_to_domains}{yes}{no}}


  deny
    message = Invalid HELO
    condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
    condition = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}



However, today I had a spammer try 20 times to send to various
addresses. Each time it used some version of the HELO with my domain
(smtp.* and mail.* were the two).

The machine's hostname is mail but the rule was only triggered twice.
The rest of the time it seemed to fall straight through to the
acl_check_rcpt right below and performed a verify sender which failed.
I'm not sure how to test in a way that causes the host name to appear as
whatever I want and I'm also not quite understanding why the rules
failed. I know I missed something.


2015-02-20 20:47:50 H=(mail.acarver.net) [177.11.51.69] I=[10.0.0.6]:25
rejected MAIL <cwcxk@???>: Invalid HELO
2015-02-20 20:47:50 H=(smtp.acarver.net) [177.11.51.69] I=[10.0.0.6]:25
sender verify fail for <lsvbxff@???>: Unrouteable address
2015-02-20 20:47:50 H=(smtp.acarver.net) [177.11.51.69] I=[10.0.0.6]:25
F=<lsvbxff@???> rejected RCPT <teste13.pop3@???>: Sender
verify failed
2015-02-20 20:47:50 H=(mail.acarver.net) [177.11.51.69] I=[10.0.0.6]:25
rejected MAIL cwcxk@???: Invalid HELO
2015-02-20 20:47:50 H=(mail.acarver.org) [177.11.51.69] I=[10.0.0.6]:25
sender verify fail for <de7qju@???>: Unrouteable address
2015-02-20 20:47:50 H=(mail.acarver.org) [177.11.51.69] I=[10.0.0.6]:25
F=<de7qju@???> rejected RCPT <teste13.pop3@???>: Sender
verify failed
2015-02-20 20:47:51 H=(smtp.acarver.net) [177.11.51.69] I=[10.0.0.6]:25
F=<lsvbxff@???> rejected RCPT <teste4_pop3@???>: Sender
verify failed
2015-02-20 20:47:51 H=(mail.acarver.org) [177.11.51.69] I=[10.0.0.6]:25
F=<de7qju@???> rejected RCPT <teste4_pop3@???>: Sender
verify failed
2015-02-20 20:47:51 H=(smtp.acarver.org) [177.11.51.69] I=[10.0.0.6]:25
sender verify fail for <jyfa2tvh@???>: Unrouteable address
2015-02-20 20:47:51 H=(smtp.acarver.org) [177.11.51.69] I=[10.0.0.6]:25
F=<jyfa2tvh@???> rejected RCPT <teste13.pop3@???>:
Sender verify failed
2015-02-20 20:47:51 H=(smtp.acarver.net) [177.11.51.69] I=[10.0.0.6]:25
F=<lsvbxff@???> rejected RCPT <piresrickval1@???>: Sender
verify failed
2015-02-20 20:47:51 H=(mail.acarver.org) [177.11.51.69] I=[10.0.0.6]:25
F=<de7qju@???> rejected RCPT <piresrickval1@???>: Sender
verify failed
2015-02-20 20:47:51 H=(smtp.acarver.org) [177.11.51.69] I=[10.0.0.6]:25
F=<jyfa2tvh@???> rejected RCPT <teste4_pop3@???>:
Sender verify failed
2015-02-20 20:47:51 H=(smtp.acarver.org) [177.11.51.69] I=[10.0.0.6]:25
F=<jyfa2tvh@???> rejected RCPT <piresrickval1@???>: Sender
verify failed