[exim] allowing bogus sender_helo_name if authenticated.

Top Pagina
Delete this message
Reply to this message
Auteur: Gary Stainburn
Datum:  
Aan: exim-users
Onderwerp: [exim] allowing bogus sender_helo_name if authenticated.
I have the following check in acl_check_helo

  deny   hosts = !+relay_from_hosts
         message = Your server with the IP $sender_host_address is with\
         help name ($sender_helo_name) configured incorrectly. \
        Email has been blocked. (HELO Error)
         condition = ${if match{$sender_helo_name}{\\.}{no}{yes}}


This rejects emails if the hello name isn't a FQDN. It is one of the most
successful checks as it stops a lot of SPAM pretty much as soon as the
connection is made.

However, I have a number of remote users who use (unfortunately) Windows and
Office. These laptops use the computer's name as the helo name, e.g.
LSALES7, which is not valid.

I've had to add additional conditions, one for each laptop to allow them to
work.

condition = ${if match{$sender_helo_name}{LSALES7}{no}{yes}}

As I was adding another one today I was wondering if there is a better way.
Every one of these users authenticates before they are allowed to send
emails. I was wondering how I could use this information to come up with a
better solution.

The problem is of course that this check is done before the user
authenticates.

Does anyone have any ideas?