Re: [exim] A DOS?

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Mike Tubby
Fecha:  
A: exim-users
Asunto: Re: [exim] A DOS?


On 05/06/2020 10:24, Jacques B. Siboni via Exim-users wrote:
> On Fri, 2020-06-05 at 09:36 +0100, Jeremy Harris via Exim-users wrote:
>> By the way, if you really are logging "H=router" then you
>> have an unusual network setup. If you obfuscated it, then
>> you are making it harder for us to help you.
> No That's exactly as it appears in the log. I agree that my network setup is
> B.A.D!
>
> Jacques
>
>



Things you might want to reject at HELO time:


        #
        # check for single word greeting messages like "HELO COMPUTER"
        #
        deny    condition = ${if match {$sender_helo_name} {\\.} {no}{yes}}
                message = Your HELO/EHLO greeting ($sender_helo_name)
is a single word. \
                        According to RFC2821 you must use your
fully-qualified domain-name. \
                        Please fix your configuration if you want to
talk to us
                logwrite = HELO: HELO/EHLO was not a FQDN :
$sender_helo_name from $sender_fullhost

        #
        # check for raw IP address in greeting like "HELO 1.2.3.4"
        #
        deny    condition = ${if isip{$sender_helo_name}}
                #condition = ${if match
{$sender_helo_name}{^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\$}{yes}{no}}
                message = Your HELO/EHLO greeting ($sender_helo_name)
is a plain IP address. \
                        According to RFC2821 you must use your
fully-qualified domain-name. \
                        Please fix your configuration if you want to
talk to us
                logwrite = HELO: HELO/EHLO with bare IP :
$sender_helo_name from $sender_fullhost

        #
        # check for HELO from our host name... must be fake
        #
        deny    condition = ${if match
{$sender_helo_name}{$primary_hostname}{true}{false}}
                message = Your HELO/EHLO greeting ($sender_helo_name)
is using our name! \
                        According to RFC2821 you must use your
fully-qualified domain-name. \
                        Please fix your configuration if you want to
talk to us
                logwrite = HELO: Rejected because remote host used our
hostname: $sender_helo_name



Mike