--- /dev/null
+From: Suresh Ramasubramanian <linux@frodo.hserus.net>
+Date: Mon, 11 Aug 2003 11:57:39 +0530
+
+I've been seeing a whole bunch of IPs that send me spam / virus mail and
+HELOing as one of my own IPs, or as HELO one.of.my.own.domains (or maybe
+HELO primary_hostname)
+
+On the other hand, I have users relaying through my box with AUTH, using
+mozilla, which HELO's as "HELO hserus.net" if a hserus.net user relays.
+
+Here's something to stop this stuff - in acl_check_rcpt:
+
+[snippet in exim configure file]
+
+ accept hosts = :
+
+ # Accept all authenticated senders
+ accept authenticated = *
+
+ # Spam control
+
+ # Be polite and say HELO. Reject anything from hosts that havn't given
+ # a valid HELO/EHLO to us.
+ deny condition = ${if \
+ or{{!def:sender_helo_name}{eq{$sender_helo_name}{}}}{yes}{no}}
+ message = RFCs mandate HELO/EHLO before mail can be sent
+
+ # Forged hostname - HELOs as my own hostname or domain
+ deny message = Forged hostname detected in HELO: $sender_helo_name
+ hosts = !+relay_from_hosts
+ log_message = Forged hostname detected in HELO: \
+ $sender_helo_name
+ condition = ${lookup {$sender_helo_name} \
+ lsearch{/usr/local/etc/exim/local_domains}{yes}{no}}
+
+ # Forged hostname -HELOs as one of my own IPs
+ deny message = Forged IP detected in HELO: $sender_helo_name
+ hosts = !+relay_from_hosts
+ log_message = Forged IP detected in HELO: $sender_helo_name
+ condition = ${if \
+ eq{$sender_helo_name}{$interface_address}{yes}{no}}
+
+[end snippet]
+