[exim] Re: Rejecting connections that have only IP as sender…

Author: Slavko
Date:  
To: exim-users
Subject: [exim] Re: Rejecting connections that have only IP as sender_helo
On 28 May 2023 10:34:33 UTC, AC via Exim-users <exim-users@???> wrote:

>Thank you for the clarification. So in the case of the log showing H=(hostname) [ip] then the HELO/EHLO name matched the hostname obtained by RDNS of the ip but if I saw H=hostname (other_hostname) [ip] then the HELO/EHLO did not match the RDNS of the IP? What about when the hostname is not in parenthesis in this format H=hostname [ip]?


Consider a PTR record returning "example.org" and a client that
sends "example.org" in EHLO, thus the EHLO name matches the
PTR name; two cases can happen:

+ PTR name is confirmed, thus variable has that name
  and in log:

      H=example.org [IP]

+ PTR name is not confirmed, thus variable has no
  value and in log:

      H=(example.org) [IP]

Now consider a PTR record returning "example.org" and a client that
sends "example.com" in EHLO, thus the EHLO name doesn't match the
PTR name; two cases can happen again:

+ PTR name is confirmed, thus variable has that name
  and in log:

      H=example.org (example.com) [IP]

+ PTR name is not confirmed, thus variable has no
  value and in log:

      H=(example.com) [IP]

In other words, one can distinguish different EHLO &
PTR names, if PTR was confirmed. If PTR was not
confirmed, one cannot know if these names match
or not from the log entry, nor if PTR was not confirmed
or PTR doesn't exist at all. One even cannot know
if PTR is missing or IP of that name is missing...

When I started to deal with that, I even drew a flowchart,
but once you get it, it is simple ;-)

>I ask because I tried implementing this deny rule:
>
>${if def:sender_host_name {no}{yes}}


You can simplify that condition by negation and
leave default ${if} results in most cases:

    ${if !def:sender_host_name}

>H=cumin.exim.org [37.120.190.30]


PTR confirmed (and matches EHLO), thus variable has
value (is defined).

>H=(223-22-233-97.mobile.dynamic.aptg.com.tw) [223.22.233.97]


PTR missing or not confirmed, thus variable is empty
(is not defined).

Note, an empty variable (value) is the same as not defined;
"defined" refers to the variable's value, not the variable
itself...

regards


--
Slavko
https://www.slavino.sk/
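
The log forms walked through in this message, as an added example that is not part of the original post: a Python sketch that parses the `H=` field of a log line and reports what can and cannot be inferred, including whether `!def:sender_host_name` would be true. The function name, result keys and sample log lines are constructed for illustration.

```python
import re

# H=<confirmed PTR name> (<EHLO name>) [<ip>]; either name part may be absent.
H_FIELD = re.compile(
    r"\bH=(?:(?P<name>[^\s()\[\]]+)\s+)?"   # bare name: sender_host_name is set
    r"(?:\((?P<helo>[^)]*)\)\s+)?"          # parenthesised name: what the client sent
    r"\[(?P<ip>[0-9A-Fa-f:.]+)\]"           # connecting IP address
)

def classify_host_field(line):
    """Return what the H= field of one log line says about PTR and EHLO."""
    m = H_FIELD.search(line)
    if m is None:
        return None
    name, helo, ip = m.group("name"), m.group("helo"), m.group("ip")
    if name and helo is None:
        # Only a bare name is logged: PTR confirmed and EHLO equal to it.
        verdict = "ptr-confirmed, helo-matches"
    elif name:
        verdict = "ptr-confirmed, helo-differs"
    else:
        # The log alone cannot say whether the PTR is missing or unconfirmed,
        # nor whether the EHLO name would have matched it.
        verdict = "ptr-unconfirmed-or-missing, helo-match-unknown"
    return {
        "ip": ip,
        "sender_host_name": name or "",          # empty == not defined
        "helo": helo if helo is not None else name,
        "verdict": verdict,
        "not_def_sender_host_name": not name,    # mirrors ${if !def:sender_host_name}
    }

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    "2023-05-28 10:00:01 <= a@example.org H=example.org [192.0.2.10] P=esmtp",
    "2023-05-28 10:00:02 <= a@example.org H=(example.org) [192.0.2.10] P=esmtp",
    "2023-05-28 10:00:03 <= a@example.org H=example.org (example.com) [192.0.2.10] P=esmtp",
    "2023-05-28 10:00:04 <= a@example.org H=([203.0.113.5]) [203.0.113.5] P=smtp",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        result = classify_host_field(entry)
        print(result["verdict"], "|", result["helo"], "|", result["ip"])
```
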
