Thanks for reading this.

I've just modified one of my ACLs by adding this stanza, which I thought
would flag MTAs whose HELO/EHLO didn't match their IP:

  warn
    message     = X-HELO-Warning: Remote host $sender_host_address \
                  ${if def:sender_host_name {($sender_host_name) }}\
                  incorrectly presented itself as $sender_helo_name
    log_message = remote host presented unverifiable HELO/EHLO greeting.
    !verify     = helo


When I sent myself a test message, I got this result:

Return-path: <[EMAIL PROTECTED]>
Envelope-to: [EMAIL PROTECTED]
Delivery-date: Sun, 01 Oct 2006 15:33:23 -0400
Received: from mail1.sea5.speakeasy.net ([69.17.117.3]) by
        billhorne.homelinux.org with esmtp (Exim 4.50) id
1GU73r-0003Lq-GZ for
        [EMAIL PROTECTED]; Sun, 01 Oct 2006 15:33:23 -0400
Received: (qmail 31313 invoked from network); 1 Oct 2006 19:32:21 -0000
Received: from dsl092-086-246.bos1.dsl.speakeasy.net (HELO
[192.168.10.91])
        ([EMAIL PROTECTED]) (envelope-sender
<[EMAIL PROTECTED]>) by
        mail1.sea5.speakeasy.net (qmail-ldap-1.03) with SMTP for
        <[EMAIL PROTECTED]>; 1 Oct 2006 19:32:20 -0000
Message-ID: <[EMAIL PROTECTED]>
Date: Sun, 01 Oct 2006 15:36:23 -0400
From: Bill Horne <[EMAIL PROTECTED]>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To:  [EMAIL PROTECTED]
Subject: Test
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-HELO-Warning: Remote host 69.17.117.3 (mail1.sea5.speakeasy.net) 
        incorrectly presented itself as mail1.sea5.speakeasy.net
X-Spam-Score: 0.0 (/)
Status: O
X-Status: O

Test

-- 
E. William Horne
William Warren Consulting
Computer and Network Installation & Service
Voice:  781 784-7287




(The speakeasy addresses have been munged for all the usual reasons)

Here's the entry from the Exim4 log:

2006-10-01 15:33:15 1GU73r-0003Lq-GZ H=mail1.sea5.speakeasy.net [69.17.117.3] 
Warning: remote host presented unverifiable HELO/EHLO greeting.
2006-10-01 15:33:23 1GU73r-0003Lq-GZ <= [EMAIL PROTECTED] 
H=mail1.sea5.speakeasy.net [69.17.117.3] P=esmtp S=1179 [EMAIL PROTECTED]
2006-10-01 15:33:23 1GU73r-0003Lq-GZ => exim <[EMAIL PROTECTED]> R=local_user 
T=mail_spool
2006-10-01 15:33:23 1GU73r-0003Lq-GZ Completed

Of course, 69.17.117.3 is shown in the A record for mail1.sea5.speakeasy.net. 
There is, however, no PTR record.

The idea is that this ACL will flag MTAs whose A record doesn't match their 
HELO, but I'm missing something obvious: all suggestions welcome. TIA.

Bill Horne


-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
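
The check the post is aiming for (HELO/EHLO argument versus connecting IP), written out as an added example; it is not part of the original message and not Exim's own code. The order of the three tests and every DNS entry except the A record quoted in the post are assumptions made for illustration; it shows that a host with a matching A record and no PTR passes such a check.

```python
import ipaddress

# Constructed DNS data. The first A record is the one the post reports for its
# relay (which has no PTR); the example.net entries are made up.
A_RECORDS = {
    "mail1.sea5.speakeasy.net": ["69.17.117.3"],
    "mx.example.net": ["192.0.2.10"],
}
PTR_RECORDS = {
    "192.0.2.10": ["mx.example.net"],
    "192.0.2.77": ["dsl-77.example.net"],
}

def _norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def check_helo(helo, peer_ip, a_records=A_RECORDS, ptr_records=PTR_RECORDS):
    """Return (ok, reason) for a HELO/EHLO argument given the peer address."""
    peer = ipaddress.ip_address(peer_ip)
    # 1. An address literal such as [192.0.2.77] must equal the peer address.
    if helo.startswith("[") and helo.endswith("]"):
        try:
            literal = ipaddress.ip_address(helo[1:-1])
        except ValueError:
            return False, "bad-literal"
        same = literal == peer
        return same, "literal" if same else "literal-mismatch"
    name = _norm(helo)
    # 2. Reverse: one of the peer's PTR names equals the HELO name.
    if name in {_norm(n) for n in ptr_records.get(str(peer), [])}:
        return True, "ptr"
    # 3. Forward: the HELO name has an A record equal to the peer address.
    for addr in a_records.get(name, []):
        if ipaddress.ip_address(addr) == peer:
            return True, "forward"
    return False, "no-match"

def flagged(sessions):
    """HELO/IP pairs that would earn the X-HELO-Warning header."""
    return [(h, ip) for h, ip in sessions if not check_helo(h, ip)[0]]
```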
