[exim] Re: Rejecting connections that have only IP as sender…

Author: AC
Date:  
To: exim-users
Subject: [exim] Re: Rejecting connections that have only IP as sender_helo
On 2023-05-28 03:10, Slavko via Exim-users wrote:
> On 28 May 2023 9:35:07 UTC, AC via Exim-users <exim-users@???> wrote:
> 
>> Thanks, I already did check localhost but it appears what I was after was actually sender_host_name being empty which, from what I understand, is what H=([ip]) actually represents in the logs (if that's not the case hopefully someone can correct me).
> 
> There are two names for the remote client, the one used in the EHLO
> SMTP command and one from the IP's PTR record.
> 
> The EHLO name is shown in log only if it differs from (confirmed)
> PTR name
> 
> The PTR name is in the log only if that name's IP matches the client's
> IP (is confirmed) and exim is configured to obtain that PTR
> name (I do it on the MTA but don't do it on the MSA).
> 
> Thus the full host entry in the log has the format (if the EHLO & PTR names
> differ)
> 
>      H=ptr_name (ehlo_name) [client_ip]
> 
> The log entry "H=([ip]) ..." means that there is no (confirmed)
> PTR name and the client used an IP literal as the EHLO name. It is expected
> on an MSA (from users), but AFAIK it has not been used by MTAs
> nowadays (I do not accept it). An address literal is basically an
> IP (with a prefix for IPv6) enclosed in square brackets, thus a
> simple ${sg} regex can detect it...
> 
> These square brackets can be confusing, as the real IP is
> enclosed in them in the logs too, but notice the "normal" brackets,
> which enclose the EHLO name...
> 
> Check the docs for the appropriate variables for these names and
> related settings; they are in multiple different places.
> 
> regards
> 
> 


Thank you for the clarification. So in the case of the log showing
H=(hostname) [ip] the HELO/EHLO name matched the hostname obtained
by rDNS of the IP, but if I saw H=hostname (other_hostname) [ip] then the
HELO/EHLO did not match the rDNS of the IP? What about when the hostname
is not in parentheses, in this format: H=hostname [ip]?

I ask because I tried implementing this deny rule:

${if def:sender_host_name {no}{yes}}

And this rule is triggering in cases where I have H=(hostname) [ip]
but not in cases where I have H=hostname [ip].

An example from my recent logs:

H=cumin.exim.org [37.120.190.30]
This passed the above rule (meaning it found sender_host_name and
returned "no")

H=(223-22-233-97.mobile.dynamic.aptg.com.tw) [223.22.233.97]
This failed the above rule (sender_host_name was not defined and the
rule returned "yes")

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
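The H= field format that Slavko describes (H=ptr_name (ehlo_name) [client_ip], with each part present only under the conditions he lists) is easy to get wrong by eye because both the client IP and an address-literal EHLO name sit in square brackets. The following parser, added here as an illustration and not code from the thread or from Exim, pulls the three parts out of log lines, tells a confirmed PTR name apart from a parenthesised EHLO name, flags EHLO names that are address literals, and reproduces what AC's `${if def:sender_host_name {no}{yes}}` test would have said for each line. The sample log is constructed: it reuses the two H= fields AC posted and adds three invented lines (the 192.0.2.44, 198.51.100.7 and 2001:db8::1 clients, the message IDs and the rejection text are all made up) to cover the remaining cases.

```python
import re

# Host part of an Exim log line, in the shape described in the thread:
#   H=ptr_name (ehlo_name) [client_ip]
# ptr_name is present only when the reverse lookup was done and confirmed;
# (ehlo_name) is present when it differs from ptr_name, or when there is no ptr_name.
HOST_FIELD_RE = re.compile(
    r"\bH=(?P<ptr>[^\s(\[]+)?\s*(?:\((?P<ehlo>[^)]*)\))?\s*\[(?P<ip>[^\]]+)\]"
)

# RFC 5321 address literal as it appears in EHLO: [192.0.2.1] or [IPv6:2001:db8::1]
ADDRESS_LITERAL_RE = re.compile(r"^\[(?:IPv6:)?[0-9A-Fa-f.:]+\]$")

# Constructed sample log (not real traffic). Lines 1 and 2 carry the H= fields
# AC quoted; lines 3 to 5 are invented to exercise the other cases.
SAMPLE_LOG = """\
2023-05-28 10:01:02 1q3Abc-000123-Xy <= sender@example.org H=cumin.exim.org [37.120.190.30] P=esmtps S=1234
2023-05-28 10:02:03 1q3Abd-000124-Xz <= user@example.net H=(223-22-233-97.mobile.dynamic.aptg.com.tw) [223.22.233.97] P=esmtpsa S=2345
2023-05-28 10:03:04 H=([192.0.2.44]) [192.0.2.44] rejected EHLO or HELO [192.0.2.44]: address literal not accepted
2023-05-28 10:04:05 1q3Abe-000125-Ya <= news@example.com H=mail.example.com (smtp-out.example.com) [198.51.100.7] P=esmtps S=3456
2023-05-28 10:05:06 H=([IPv6:2001:db8::1]) [2001:db8::1] rejected EHLO or HELO [IPv6:2001:db8::1]: address literal not accepted
"""


def parse_host_field(line):
    """Split the H= field of one log line into its parts; None if the line has none."""
    m = HOST_FIELD_RE.search(line)
    if m is None:
        return None
    ptr, ehlo, ip = m.group("ptr"), m.group("ehlo"), m.group("ip")
    return {
        "ptr_name": ptr,                       # confirmed reverse-DNS name, if logged
        "ehlo_name": ehlo,                     # EHLO/HELO argument, if logged
        "ip": ip,                              # client IP (any :port suffix sits outside the brackets)
        "ptr_confirmed": ptr is not None,
        "ehlo_is_literal": bool(ehlo) and ADDRESS_LITERAL_RE.match(ehlo) is not None,
    }


def classify(parsed):
    """Name the case the H= field represents, following Slavko's description."""
    if parsed["ptr_name"] is not None:
        if parsed["ehlo_name"] is None:
            return "ptr-confirmed"               # EHLO name equals the PTR name, so it is not shown
        return "ptr-confirmed-ehlo-differs"      # H=ptr (ehlo) [ip]
    if parsed["ehlo_is_literal"]:
        return "no-ptr-ehlo-literal"             # H=([ip]) [ip]
    return "no-ptr-ehlo-name"                    # H=(name) [ip]


def sender_host_name_rule(parsed):
    """What ${if def:sender_host_name {no}{yes}} would yield for this client,
    assuming $sender_host_name is set exactly when a confirmed PTR name is logged."""
    return "no" if parsed["ptr_confirmed"] else "yes"


def scan(log_text):
    """Parse every line that carries an H= field; returns a list of result dicts."""
    results = []
    for line in log_text.splitlines():
        parsed = parse_host_field(line)
        if parsed is None:
            continue
        parsed["case"] = classify(parsed)
        parsed["def_rule"] = sender_host_name_rule(parsed)
        results.append(parsed)
    return results


def literal_helo_clients(log_text):
    """IPs of clients that used an address literal in EHLO with no confirmed PTR name:
    the H=([ip]) [ip] pattern AC asked about."""
    return [r["ip"] for r in scan(log_text) if r["case"] == "no-ptr-ehlo-literal"]


if __name__ == "__main__":
    for r in scan(SAMPLE_LOG):
        print(f'{r["ip"]:<16} case={r["case"]:<26} def_rule={r["def_rule"]}')
    print("address-literal EHLO without PTR:", literal_helo_clients(SAMPLE_LOG))
```

Two things the output makes visible. First, `def:sender_host_name` is a test for a confirmed reverse-DNS name, not for the EHLO argument, which is why AC's rule fires on H=(223-22-233-97.mobile.dynamic.aptg.com.tw) [223.22.233.97] (a perfectly ordinary hostname in EHLO, but no confirmed PTR) and stays quiet on H=cumin.exim.org [37.120.190.30]. Second, whether `$sender_host_name` is set at all depends on Exim having performed the reverse lookup for that connection (Slavko does it on his MTA and not on his MSA), so the same rule can behave differently per listener. To reject only the address-literal case Slavko describes, test the EHLO name rather than the PTR; in Exim the equivalent of the `ADDRESS_LITERAL_RE` check above is, as my own suggestion rather than anything quoted in the thread, `${if match{$sender_helo_name}{\N^\[(IPv6:)?[0-9A-Fa-f.:]+\]$\N}}`, with the `\N...\N` markers protecting the regex from expansion.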