Alexander Shikoff wrote:
> Hello,
>
> To discover some strange issue I've put some additional logging into HELO
> and RCPT ACLs:
>
> acl_check_helo:
> deny
> # reject IP-addresses IN HELO/EHLO
> message = Bad HELO/EHLO
> condition =
> ${lookup{$sender_helo_name}nwildlsearch{BL_BAD_HELO}{yes}{no}}
>
> acl_check_rcpt:
> warn
> logwrite = ---$sender_host_address/$sender_helo_name---
> [...]
>
> After that I got in log:
>
> Feb 2 14:31:59 crow exim[39322]: 2007-02-02 14:31:59 H=(201.250.198.147)
> [201.250.198.147] rejected EHLO or HELO 201.250.198.147: Bad HELO/EHLO
> Feb 2 14:32:01 crow exim[39322]: 2007-02-02 14:32:01 ---201.250.198.147/---
> Feb 2 14:32:05 crow exim[39322]: 2007-02-02 14:32:05 H=[201.250.198.147]
> F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: 201.250.198.147
> listed by list.dsbl.org
>
> Now a riddle: what HELO did remote host send?!
> Any suggestions?
>
Change:
message = Bad HELO/EHLO
to:
message = Bad HELO/EHLO from $sender_helo_name
ELSE:
log_selector = +all
OR
log_selector = <your own '+' and '-' list of what you want logged/not>
Bill
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
