Hi Bill,

On Tue, 2012-09-04 at 17:57 +0000, W B Hacker wrote:

> Always Learning wrote:
> >
> > In ACL HELO how can one match the data in the HELO/EHLO line ? I want
> > to match 'Microsoft ESMTP MAIL Service' and then drop or reject the
> > connection.
> >
> > 220 galsrv1.galvatech.local Microsoft ESMTP MAIL Service, Version:
> > 6.0.3790.4675 ready at Wed, 5 Sep 2012 03:29:41 +1000
> >
> > 220 adstudio.co.za Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675
> > ready at Tue, 4 Sep 2012 19:31:48 +0200

> Experiment with this before going TOO far.

I've got 4 mail servers I can play with.

> Not ALL of those using EMM ASS tools are bad-actors, and blocking on
> anything but the LAST MILE sending server is dodgy:
>
> ===
>
> warn
>   logwrite = Traversing MS ESMTP test
>   regex = ^HELO:: .*Microsoft ESMTP MAIL
>   log_message = $sender_host_address matched MS ESMTP
> ===
>
> CAVEAT: Half-vast adapted from a different test, and NOT TESTED.
>
> Expect it will need correction from someone more expert than I.
>
> But you get the drift.
>
> FWIW, I just add the offending ISP to my LBL or their IP pool to the OS
> FW tables.
>
> Lower-resource tests than a regex, and less drivel in logs.

What I ideally sought was a once-off solution. Your interesting regex
examines all the headers in the DATA ACL. I was seeking something which
examines the incoming HELO line in the HELO ACL. If I can't find it,
will probably go for the address block blocking in IPT.

Thanks,

Paul.

--
Paul.
England,
EU.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
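
For matching in the HELO ACL, as asked in the message above, here is an added example (not from either poster): Exim exposes the name the client gave to HELO/EHLO as `$sender_helo_name`, and that name is the only client-supplied text available at that stage; a 220 greeting like the ones quoted is what a server sends to hosts connecting to it, so it is not present there. The ACL name `acl_check_helo` and the pattern `\.example\.invalid$` are constructed placeholders.

```exim
# Main configuration section: name the ACL that runs for every HELO/EHLO.
acl_smtp_helo = acl_check_helo

begin acl

acl_check_helo:
  # Log-only pass first, so matches can be reviewed before anything is refused.
  # $sender_helo_name is the argument the client supplied to HELO/EHLO.
  # \N...\N stops Exim from expanding backslashes and $ inside the regex.
  # The pattern is a constructed placeholder, not a recommended rule.
  warn
    condition   = ${if match{$sender_helo_name}{\N\.example\.invalid$\N}}
    log_message = HELO $sender_helo_name from $sender_host_address matched test pattern

  # Once the log shows only unwanted hosts, replace the warn with a refusal.
  # "drop" rejects the command and closes the connection; "deny" only rejects.
  # drop
  #   message   = HELO name not accepted
  #   condition = ${if match{$sender_helo_name}{\N\.example\.invalid$\N}}

  accept
```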
