1 From: Suresh Ramasubramanian <linux@frodo.hserus.net>
2 Date: Mon, 11 Aug 2003 11:57:39 +0530
4 I've been seeing a whole bunch of IPs that send me spam / virus mail and
5 HELOing as one of my own IPs, or as HELO one.of.my.own.domains (or maybe
8 On the other hand, I have users relaying through my box with AUTH, using
9 mozilla, which HELO's as "HELO hserus.net" if a hserus.net user relays.
11 Here's something to stop this stuff - in acl_check_rcpt:
13 [snippet in exim configure file]
17 # Accept all authenticated senders
18 accept authenticated = *
22 # Be polite and say HELO. Reject anything from hosts that havn't given
23 # a valid HELO/EHLO to us.
24 deny condition = ${if \
25 or{{!def:sender_helo_name}{eq{$sender_helo_name}{}}}{yes}{no}}
26 message = RFCs mandate HELO/EHLO before mail can be sent
28 # Forged hostname - HELOs as my own hostname or domain
29 deny message = Forged hostname detected in HELO: $sender_helo_name
30 hosts = !+relay_from_hosts
31 log_message = Forged hostname detected in HELO: \
33 condition = ${lookup {$sender_helo_name} \
34 lsearch{/usr/local/etc/exim/local_domains}{yes}{no}}
36 # Forged hostname -HELOs as one of my own IPs
37 deny message = Forged IP detected in HELO: $sender_helo_name
38 hosts = !+relay_from_hosts
39 log_message = Forged IP detected in HELO: $sender_helo_name
41 eq{$sender_helo_name}{$interface_address}{yes}{no}}