Re: [exim] A DOS?

Author: Mike Tubby
Date:  
To: exim-users
Subject: Re: [exim] A DOS?


On 05/06/2020 10:24, Jacques B. Siboni via Exim-users wrote:
> On Fri, 2020-06-05 at 09:36 +0100, Jeremy Harris via Exim-users wrote:
>> By the way, if you really are logging "H=router" then you
>> have an unusual network setup. If you obfuscated it, then
>> you are making it harder for us to help you.
> No That's exactly as it appears in the log. I agree that my network setup is
> B.A.D!
>
> Jacques
>
>



Things you might want to reject at HELO time:


        #
        # check for single word greeting messages like "HELO COMPUTER"
        #
        deny    condition = ${if match {$sender_helo_name} {\\.} {no}{yes}}
                message = Your HELO/EHLO greeting ($sender_helo_name) is a single word. \
                        According to RFC2821 you must use your fully-qualified domain-name. \
                        Please fix your configuration if you want to talk to us
                logwrite = HELO: HELO/EHLO was not a FQDN : $sender_helo_name from $sender_fullhost

        #
        # check for raw IP address in greeting like "HELO 1.2.3.4"
        #
        deny    condition = ${if isip{$sender_helo_name}}
                #condition = ${if match {$sender_helo_name}{^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\$}{yes}{no}}
                message = Your HELO/EHLO greeting ($sender_helo_name) is a plain IP address. \
                        According to RFC2821 you must use your fully-qualified domain-name. \
                        Please fix your configuration if you want to talk to us
                logwrite = HELO: HELO/EHLO with bare IP : $sender_helo_name from $sender_fullhost

        #
        # check for HELO from our host name... must be fake
        #
        deny    condition = ${if match {$sender_helo_name}{$primary_hostname}{true}{false}}
                message = Your HELO/EHLO greeting ($sender_helo_name) is using our name! \
                        According to RFC2821 you must use your fully-qualified domain-name. \
                        Please fix your configuration if you want to talk to us
                logwrite = HELO: Rejected because remote host used our hostname: $sender_helo_name



Mike
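
An offline model of the three deny rules above, added here as an example and not part of the original message, for checking which greetings they reject before putting them in a live ACL. The hostname and sample HELO values are constructed, `helo_verdict` is a hypothetical helper, and Python's `ipaddress` module stands in for Exim's `isip` as an approximation.

```python
import ipaddress
import re

# Assumed value of $primary_hostname (constructed for this example).
PRIMARY_HOSTNAME = "mail.example.org"


def is_ip(value):
    """Approximation of Exim's isip: true for an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def helo_verdict(helo, primary_hostname=PRIMARY_HOSTNAME):
    """Return the name of the first deny rule that fires, or None if none do."""
    # Rule 1: the ACL denies when the name contains no literal dot.
    if re.search(r"\.", helo) is None:
        return "single word"
    # Rule 2: the ACL denies when the name is a bare IP address.
    if is_ip(helo):
        return "bare IP"
    # Rule 3: "match" is an unanchored regex search with the hostname as the
    # pattern, so dots act as wildcards and substrings also match.
    if re.search(primary_hostname, helo):
        return "our hostname"
    return None


# Constructed sample greetings.
SAMPLES = [
    "COMPUTER",
    "192.0.2.25",
    "2001:db8::25",                          # no dot, so rule 1 fires first
    "mail.example.org",
    "mail.example.org.client.example.net",   # substring match in rule 3
    "mailxexample.org",                      # "." in the pattern matches "x"
    "relay.example.net",
]


def run(samples=SAMPLES):
    return {helo: helo_verdict(helo) for helo in samples}


if __name__ == "__main__":
    for helo, verdict in run().items():
        print(f"{helo:40} {verdict or 'accepted'}")
```

Because the rules are evaluated in order, an IPv6 greeting gets the "single word" message rather than the "plain IP address" one, and the third rule rejects any name that merely contains the local hostname.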