Re: [exim] block hacker helo's

Top Page
Delete this message
Reply to this message
Author: Andy Smith
Date:  
To: exim-users
Subject: Re: [exim] block hacker helo's
On 2017-02-07 13:04, Andy Smith wrote:

> # Blacklist
> auth_advertise_hosts =\
> ${lookup{$sender_helo_name}\
> lsearch{/usr/local/etc/exim/heloblocks}{}{*}\
> }


thanks for those that replied, sorry for the late reply. In case its
useful to anyone, I can confirm my original code does work, I either
didn't have it in the right place in the config or was confused when
testing this (ie "help" still shows auth option).

Seeing this in the logs for banned "helo"s:

2017-02-17 10:56:08 [16587] SMTP protocol error in "AUTH LOGIN" H=(User)
[94.102.56.181]:12124 I=[x:x:x:x]:25 AUTH command used when not
advertised

thanks, Andy.