[exim] block hacker helo's

Hi list,

I've already configured fail2ban to block brute force attacks on my
Exim server but thought it would be nice to be able to block outright
known abusive helo's. So I've had a dig and I came up with this config:

# Blacklist
auth_advertise_hosts =\
${lookup{$sender_helo_name}\
lsearch{/usr/local/etc/exim/heloblocks}{}{*}\
}

But it doesn't seem to work so I'm hoping someone can give me a pointer.


Also I have a general doubt, when using the term advertise in Exim does
this mean purely to advertise funcionality or does it actually mean to
provide or not that funcionality? Ie am I actually blocking auth by not
advertising it, when talking about an abusive connection that isn't
following the RFCs etc?

thanks in advance, Andy.