I'm having some trouble setting up a rule in acl_check_mail to reject
remote hosts that HELO or announce their own host name with my own domain.
I currently have these as the last three rules of acl_check_mail:

  deny
    message = Invalid HELO
    condition = ${if match_domain{$sender_helo_name}{+local_domains:+relay_to_domains}{yes}{no}}

  deny
    message = Invalid HELO
    condition = ${if match_domain{${extract{-3}{.}{$sender_helo_name}}.${extract{-2}{.}{$sender_helo_name}}.${extract{-1}{.}{$sender_helo_name}}}{+local_domains:+relay_to_domains}{yes}{no}}

  deny
    message = Invalid HELO
    condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
    condition = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}

However, today I had a spammer try 20 times to send to various
addresses. Each time it used some version of the HELO with my domain
(smtp.* and mail.* were the two).
The machine's hostname is mail but the rule was only triggered twice.
The rest of the time it seemed to fall straight through to the
acl_check_rcpt right below and performed a verify sender which failed.
I'm not sure how to test in a way that causes the host name to appear as
whatever I want and I'm also not quite understanding why the rules
failed. I know I missed something.

2015-02-20 20:47:50 H=(mail.acarver.net) [177.11.51.69] I=[10.0.0.6]:25 rejected MAIL <cwcxk@???>: Invalid HELO
2015-02-20 20:47:50 H=(smtp.acarver.net) [177.11.51.69] I=[10.0.0.6]:25 sender verify fail for <lsvbxff@???>: Unrouteable address
2015-02-20 20:47:50 H=(smtp.acarver.net) [177.11.51.69] I=[10.0.0.6]:25 F=<lsvbxff@???> rejected RCPT <teste13.pop3@???>: Sender verify failed
2015-02-20 20:47:50 H=(mail.acarver.net) [177.11.51.69] I=[10.0.0.6]:25 rejected MAIL cwcxk@???: Invalid HELO
2015-02-20 20:47:50 H=(mail.acarver.org) [177.11.51.69] I=[10.0.0.6]:25 sender verify fail for <de7qju@???>: Unrouteable address
2015-02-20 20:47:50 H=(mail.acarver.org) [177.11.51.69] I=[10.0.0.6]:25 F=<de7qju@???> rejected RCPT <teste13.pop3@???>: Sender verify failed
2015-02-20 20:47:51 H=(smtp.acarver.net) [177.11.51.69] I=[10.0.0.6]:25 F=<lsvbxff@???> rejected RCPT <teste4_pop3@???>: Sender verify failed
2015-02-20 20:47:51 H=(mail.acarver.org) [177.11.51.69] I=[10.0.0.6]:25 F=<de7qju@???> rejected RCPT <teste4_pop3@???>: Sender verify failed
2015-02-20 20:47:51 H=(smtp.acarver.org) [177.11.51.69] I=[10.0.0.6]:25 sender verify fail for <jyfa2tvh@???>: Unrouteable address
2015-02-20 20:47:51 H=(smtp.acarver.org) [177.11.51.69] I=[10.0.0.6]:25 F=<jyfa2tvh@???> rejected RCPT <teste13.pop3@???>: Sender verify failed
2015-02-20 20:47:51 H=(smtp.acarver.net) [177.11.51.69] I=[10.0.0.6]:25 F=<lsvbxff@???> rejected RCPT <piresrickval1@???>: Sender verify failed
2015-02-20 20:47:51 H=(mail.acarver.org) [177.11.51.69] I=[10.0.0.6]:25 F=<de7qju@???> rejected RCPT <piresrickval1@???>: Sender verify failed
2015-02-20 20:47:51 H=(smtp.acarver.org) [177.11.51.69] I=[10.0.0.6]:25 F=<jyfa2tvh@???> rejected RCPT <teste4_pop3@???>: Sender verify failed
2015-02-20 20:47:51 H=(smtp.acarver.org) [177.11.51.69] I=[10.0.0.6]:25 F=<jyfa2tvh@???> rejected RCPT <piresrickval1@???>: Sender verify failed
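
Added example, not part of the original post: a small Python model of the first two deny rules, run over the HELO names from the log above, to show which names a domain list of exact entries catches compared with one that uses leading-`*` patterns. The contents of `EXACT_LIST` and `WILDCARD_LIST` are assumptions (the post does not show its `+local_domains`), and `domain_match` is a simplified stand-in for Exim's domain-list matching, covering only literal and leading-`*` entries.

```python
import re

# Lines taken from the log excerpt in the post, unwrapped (??? masking as archived).
SAMPLE_LOG = """\
2015-02-20 20:47:50 H=(mail.acarver.net) [177.11.51.69] I=[10.0.0.6]:25 rejected MAIL <cwcxk@???>: Invalid HELO
2015-02-20 20:47:50 H=(smtp.acarver.net) [177.11.51.69] I=[10.0.0.6]:25 sender verify fail for <lsvbxff@???>: Unrouteable address
2015-02-20 20:47:50 H=(mail.acarver.org) [177.11.51.69] I=[10.0.0.6]:25 sender verify fail for <de7qju@???>: Unrouteable address
2015-02-20 20:47:51 H=(smtp.acarver.org) [177.11.51.69] I=[10.0.0.6]:25 sender verify fail for <jyfa2tvh@???>: Unrouteable address
"""

HELO_RE = re.compile(r"\bH=\(([^)]+)\)")

def last_three_labels(helo):
    """Model of the second rule's joined ${extract{-N}{.}{...}} items; a missing field is empty."""
    labels = helo.split(".")
    return ".".join(labels[-n] if n <= len(labels) else "" for n in (3, 2, 1))

def domain_match(name, patterns):
    """Simplified model: literal entries and leading-'*' suffix patterns, case-insensitive."""
    name = name.lower()
    for pat in (p.lower() for p in patterns):
        if pat.startswith("*"):
            if name.endswith(pat[1:]):
                return True
        elif name == pat:
            return True
    return False

def caught(helo, patterns):
    """True if either of the first two deny rules would fire for this HELO name."""
    return domain_match(helo, patterns) or domain_match(last_three_labels(helo), patterns)

def helo_report(log_text, patterns):
    """Map each distinct HELO name in the log to whether the modelled rules catch it."""
    names = sorted(set(HELO_RE.findall(log_text)))
    return {n: caught(n, patterns) for n in names}

# ASSUMPTION: neither list comes from the post; they are hypothetical list contents.
EXACT_LIST = ["acarver.net", "acarver.org", "mail.acarver.net"]
WILDCARD_LIST = ["acarver.net", "*.acarver.net", "acarver.org", "*.acarver.org"]

if __name__ == "__main__":
    for label, pats in (("exact", EXACT_LIST), ("wildcard", WILDCARD_LIST)):
        print(label, helo_report(SAMPLE_LOG, pats))
```

For trying a chosen HELO name against the real configuration, `exim -bh 177.11.51.69` starts a simulated SMTP session from that address in which any `HELO` line can be typed and the ACL decisions are printed.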