> > 2008-12-21 18:22:57 1LESx5-0009ne-I2 <= [email protected] > > H=(62-30-39-110.cable.ubr02.wiga.blueyonder.co.uk) [62.30.39.110]:4254 > > I=[217.112.92.232]:25 P=esmtp S=3619 T="Hi, my lost love )" from > > <[email protected]> for [email protected]
I greylist mail with such helo. See my ACL attached to http://wiki.exim.org/DbLessGreyListingRun An excerpt: defer log_message = greylisted because `HELO $sender_helo_name` looks \ dynamic condition = ${if match{$sender_helo_name}\ {\N(\d{1,3}[-.]){3}\d\N}} condition = ${if !match{$sender_helo_name}{sta}} set acl_c_grey_checked = deferred/greylisted because \ `HELO $sender_helo_name` looks like dynamic message = $acl_c_grey_checked set acl_c_grey_result = ${if exists{$acl_m_greyfile}\ {${if >{${eval:$tod_epoch-\ ${extract{mtime}{${stat:$acl_m_greyfile}}}}}{180}{0}{1}}}\ {${if eq{${run{/usr/bin/touch $acl_m_greyfile}}}{}{1}{1}}}} condition = $acl_c_grey_result accept condition = ${if def:acl_c_grey_checked} add_header = X-OOOOOOOOOOOOOOOOOOOOOOOOOO: passed greylisting helo dyn logwrite = passed greylisting helo dyn \ ${sg{$sender_rcvhost}{\N[\n\t]+\N}{\040}} My ACLs perform also other checks. In practice they fend such spam off before DATA, reducing bandwidth expence and load. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
