Re: [exim] exim still accepting email after 550 from acl_che…

Author: Steven A. Reisman
Date:  
To: exim-users
Subject: Re: [exim] exim still accepting email after 550 from acl_check_helo
On Tue, Jan 12, 2016 at 08:25:53AM -0800, Richard Doyle wrote:
> > (I believe it's not even trying to send mail, but instead is trying
> > a brute force SMTP AUTH attack.)


> This works for me. In acl_smtp_auth:
> drop condition = ${if match{$sender_helo_name}{ylmf-pc}{yes}{no}}


Don't even advertise AUTH to potential abusers...

# Blacklist
auth_advertise_hosts =\
        ${if and {\
                { eq {$received_port}{587}}\
                { !inlist {$sender_helo_name}\
                {ylmf-pc:other.bogus.heloname}}\
                }\
            {*}{}\
         }


or...


# Whitelist
auth_advertise_hosts =\
        ${if and {\
                { eq {$received_port}{587}}\
                { inlist {$sender_helo_name}\
                {my.golden.pc:other.golden.heloname}}\
                }\
            {*}{}\
         }



Steve
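
Added example, not part of the original message and not Exim code: a small Python model of the two auth_advertise_hosts settings above and of the quoted acl_smtp_auth rule, showing which connections each one covers. The sample port/HELO pairs are constructed; the list values and port 587 are copied from the message.

```python
import re

# Values copied from the auth_advertise_hosts settings in the message above.
SUBMISSION_PORT = "587"
BLACKLIST = "ylmf-pc:other.bogus.heloname"
WHITELIST = "my.golden.pc:other.golden.heloname"

def exim_list(text):
    """Split a colon-separated list, dropping surrounding whitespace."""
    return [item.strip() for item in text.split(":") if item.strip()]

def inlist(subject, text):
    """Model of inlist: exact, case-sensitive membership
    (inlisti is Exim's case-independent form)."""
    return subject in exim_list(text)

def advertise_blacklist(port, helo):
    """True models '*' (advertise AUTH), False models the empty host list."""
    return str(port) == SUBMISSION_PORT and not inlist(helo, BLACKLIST)

def advertise_whitelist(port, helo):
    """Same port test, but only listed HELO names get AUTH advertised."""
    return str(port) == SUBMISSION_PORT and inlist(helo, WHITELIST)

def acl_drop(helo):
    """Model of the quoted acl_smtp_auth rule: unanchored regex match."""
    return re.search("ylmf-pc", helo) is not None

# Constructed sample connections: (received port, HELO name sent by client).
SAMPLES = [
    (587, "ylmf-pc"),           # listed name: blacklist withholds AUTH
    (587, "YLMF-PC"),           # differs in case: not covered by inlist
    (587, "mail.example.org"),  # unknown name: blacklist allows, whitelist denies
    (587, "my.golden.pc"),      # whitelisted name
    (25, "my.golden.pc"),       # wrong port: AUTH never advertised
]

def decision_table(samples=SAMPLES):
    """Return (port, helo, blacklist, whitelist, acl_drop) for each sample."""
    return [(p, h, advertise_blacklist(p, h), advertise_whitelist(p, h),
             acl_drop(h)) for p, h in samples]

if __name__ == "__main__":
    print(f"{'port':>4}  {'HELO':<18} {'blacklist':<10}{'whitelist':<10}acl_drop")
    for port, helo, bl, wl, drop in decision_table():
        print(f"{port:>4}  {helo:<18} {str(bl):<10}{str(wl):<10}{drop}")
```

The blacklist form fails open for any HELO name not on the list, while the whitelist form fails closed; both depend on a name the client chooses.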