[exim] Re: Rejecting connections that have only IP as sender…

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: AC
Data:  
Para: exim-users
Assunto: [exim] Re: Rejecting connections that have only IP as sender_helo
On 2023-05-28 01:29, Cyborg via Exim-users wrote:
> Am 28.05.23 um 04:04 schrieb AC via Exim-users:
>> I was searching through the lists and reading the documentation but
>> I'm coming up short on blocking IP only senders.
>>
>> I've seen ACLs checking sender_helo_name using isip{} but that doesn't
>> seem to do anything for the case of a literal IP:
>>
>> H=([185.17.76.25])
>>
>> What's the proper way to check for the above condition and reject it?
>>
> Simple:
>
> drop    message         = invalid NON-FQDN HELO ($sender_helo_name),
> please talk to your mailserveradmin about this
>            condition  = ${if
> match{$sender_helo_name}{\N^\[[0-9]+.*\N}{0}{1}}     <- unchecked regex,
> may need adjustment
>            condition  = ${if match{$sender_helo_name}{\N(\.|:)\N}{0}{1}}
>            ... add more rules to your needs...
>
> you should add a rule, which skips, if the sender host is it's own
> localhost via smtp.
>
> Looks like this in the logs:
>
> 2023-05-28 09:36:46 H=(localhost) [117.7.227.162] rejected MAIL
> <hqih8fu3v6mc@???>: invalid NON-FQDN HELO (localhost),
> please talk to your mailserveradmin about this
>
>
> best regards,
> Marius
>


Thanks, I already did check localhost but it appears what I was after
was actually sender_host_name being empty which, from what I understand,
is what H=([ip]) actually represents in the logs (if that's not the case
hopefully someone can correct me).

Now, along the same lines, which ACL would handle the TLS connection
phase (the portion of the connection where the error: "TLS error on
connection from ... (gnutls_handshake): The TLS connection was
non-properly terminated")? I'd like to put a similar rule in to block
connections from IP only sources.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/