configs/config.samples/C049

   1 From: Suresh Ramasubramanian <linux@frodo.hserus.net>
   2 Date: Mon, 11 Aug 2003 11:57:39 +0530
   3
   4 I've been seeing a whole bunch of IPs that send me spam / virus mail and
   5 HELOing as one of my own IPs, or as HELO one.of.my.own.domains (or maybe
   6 HELO primary_hostname)
   7
   8 On the other hand, I have users relaying through my box with AUTH, using
   9 mozilla, which HELO's as "HELO hserus.net" if a hserus.net user relays.
  10
  11 Here's something to stop this stuff - in acl_check_rcpt:
  12
  13 [snippet in exim configure file]
  14
  15   accept  hosts = :
  16
  17   # Accept all authenticated senders
  18   accept  authenticated = *
  19
  20   # Spam control
  21
  22   # Be polite and say HELO. Reject anything from hosts that havn't given
  23   # a valid HELO/EHLO to us.
  24   deny condition = ${if \
  25     or{{!def:sender_helo_name}{eq{$sender_helo_name}{}}}{yes}{no}}
  26            message = RFCs mandate HELO/EHLO before mail can be sent
  27
  28   # Forged hostname - HELOs as my own hostname or domain
  29   deny  message = Forged hostname detected in HELO: $sender_helo_name
  30         hosts   = !+relay_from_hosts
  31         log_message = Forged hostname detected in HELO: \
  32         $sender_helo_name
  33         condition = ${lookup {$sender_helo_name} \
  34                 lsearch{/usr/local/etc/exim/local_domains}{yes}{no}}
  35
  36   # Forged hostname -HELOs as one of my own IPs
  37   deny message = Forged IP detected in HELO: $sender_helo_name
  38        hosts = !+relay_from_hosts
  39        log_message = Forged IP detected in HELO: $sender_helo_name
  40        condition = ${if \
  41           eq{$sender_helo_name}{$interface_address}{yes}{no}}
  42
  43 [end snippet]
  44