[exim] block hacker helo's

Top Page
This message is part of the following thread:
M+\the complete thread tree sorted by date
MMM 
Jeremy Harris at ->
Delete this message
Reply to this message
Author: Andy Smith
Date:  
To: exim-users
Old-Topics: [exim] rDNS lookup problem
Subject: [exim] block hacker helo's
Hi list,

I've already configured fail2ban to block brute force attacks on my
Exim server but thought it would be nice to be able to block outright
known abusive helo's. So I've had a dig and I came up with this config:

# Blacklist
auth_advertise_hosts =\
${lookup{$sender_helo_name}\
lsearch{/usr/local/etc/exim/heloblocks}{}{*}\
}

But it doesn't seem to work so I'm hoping someone can give me a pointer.


Also I have a general doubt, when using the term advertise in Exim does
this mean purely to advertise funcionality or does it actually mean to
provide or not that funcionality? Ie am I actually blocking auth by not
advertising it, when talking about an abusive connection that isn't
following the RFCs etc?

thanks in advance, Andy.
This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] block replies onlyRe: [exim] block hacker helo's->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)