Re: [exim] Spam bypassing spamassassin et al

Startseite
Nachricht löschen
Nachricht beantworten
Autor: John Mc Murray
Datum:  
To: Always Learning, Exim
Betreff: Re: [exim] Spam bypassing spamassassin et al
Hi Paul,

Agreed, and that is what I'm trying to achieve with this in the RCPT ACL
(just logging at the moment, not actually dropping or denying):


warn log_message   = HELO Policy Restriction: HELO is not an FQDN.
      condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
      condition = ${if match{$sender_helo_name}{\N[^.]\N}{no}{yes}}
      add_header = X-Spam-Note: HELO Policy Restriction: HELO is not an 
FQDN at 1
warn log_message   = HELO Policy Restriction: HELO is not an FQDN.
      condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
      condition = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
      add_header = X-Spam-Note: HELO Policy Restriction: HELO is not an 
FQDN at 2




This logs and adds the headers for spam in general, but the spam that I
quoted in my original mail bypasses all of those ACLs, including
spamassassin..

So just to make it clear, this question was not about "how to block",
but rather "why doesn't it block for this very specific spam mail"

Thanks for your reply..

John




On 01/09/2015 15:36, Always Learning wrote:
> On Tue, 2015-09-01 at 12:29 +0200, John Mc Murray wrote:
>
>> I have an issue that I can't explain. I've been received a fair amount
>> of the spam below.
>> Received: from a113.sub165.net78.udm.net ([78.85.165.113]:51034
>> helo=78.85.165.113)
>>           by myserver.co.za with smtp (Exim 4.80.1)
>>           id 1ZWiVw-0007MT-3m
>>           for my@???; Tue, 01 Sep 2015 12:10:04 +0200
> That email would *not* be accepted by my Exim configuration.

>
> A HELO/EHLO containing an IP address and/or [] would result in the
> email's rejection with a suitable message.
>
> Don't make yourself a willing victim of spam - aggressively oppose it.
>
>