On 2023-05-28 01:29, Cyborg via Exim-users wrote:
On 28.05.23 at 04:04, AC via Exim-users wrote:
I was searching through the lists and reading the documentation but I'm coming up short on blocking IP only senders.

I've seen ACLs checking sender_helo_name using isip{} but that doesn't seem to do anything for the case of a literal IP:

H=([185.17.76.25])

What's the proper way to check for the above condition and reject it?

Simple:

drop    message    = invalid NON-FQDN HELO ($sender_helo_name), please talk to your mailserveradmin about this
        # unchecked regex, may need adjustment
        condition  = ${if match{$sender_helo_name}{\N^\[[0-9]+.*\N}{0}{1}}
        condition  = ${if match{$sender_helo_name}{\N(\.|:)\N}{0}{1}}
        # ... add more rules to your needs ...

You should add a rule which skips this if the sender host is its own localhost via SMTP.

Looks like this in the logs:

2023-05-28 09:36:46 H=(localhost) [117.7.227.162] rejected MAIL <[email protected]>: invalid NON-FQDN HELO (localhost), please talk to your mailserveradmin about this


best regards,
Marius


Thanks, I already did check localhost but it appears what I was after was actually sender_host_name being empty which, from what I understand, is what H=([ip]) actually represents in the logs (if that's not the case hopefully someone can correct me).

Now, along the same lines, which ACL would handle the TLS connection phase (the portion of the connection where the error: "TLS error on connection from ... (gnutls_handshake): The TLS connection was non-properly terminated")? I'd like to put a similar rule in to block connections from IP only sources.
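
An added example (not from the thread or the Exim project): the two match conditions from the drop rule quoted above, re-expressed in Python and run over constructed log lines, to show which HELO values that rule fires on. The function names and sample lines are this example's own; the log shape H=(helo) [ip] is taken from the log line quoted in the thread.

```python
import re

# Python counterparts of the two regexes in the posted ACL. Exim's match is an
# unanchored regex search, so re.search is the equivalent call.
IP_LITERAL = re.compile(r"^\[[0-9]+.*")
DOT_OR_COLON = re.compile(r"(\.|:)")

# Assumed log shape, from the thread's log line: H=(<helo>) [<ip>]
HELO_IN_LOG = re.compile(r"\bH=(?:\S+ )?\((?P<helo>[^)]*)\) \[(?P<ip>[^\]]+)\]")


def acl_condition(matched):
    """${if match{..}{..}{0}{1}} yields 0 (false) on a match, 1 (true) otherwise."""
    return not matched


def drop_fires(helo):
    """A drop statement triggers only when every condition line is true."""
    return (acl_condition(IP_LITERAL.search(helo) is not None)
            and acl_condition(DOT_OR_COLON.search(helo) is not None))


def classify(helo):
    if IP_LITERAL.search(helo):
        return "ip-literal"
    if DOT_OR_COLON.search(helo):
        return "has-dot-or-colon"
    return "non-fqdn"


def audit(log_lines):
    """Return (helo, class, drop_fires) for each line carrying H=(helo) [ip]."""
    out = []
    for line in log_lines:
        m = HELO_IN_LOG.search(line)
        if m:
            helo = m.group("helo")
            out.append((helo, classify(helo), drop_fires(helo)))
    return out


# Constructed sample lines using documentation addresses.
SAMPLE = [
    "2023-05-28 09:36:46 H=(localhost) [192.0.2.10] rejected MAIL <a@example.org>: ...",
    "2023-05-28 09:37:02 H=([192.0.2.25]) [192.0.2.25] rejected MAIL <b@example.org>: ...",
    "2023-05-28 09:38:11 H=(mail.example.net) [198.51.100.7] rejected MAIL <c@example.org>: ...",
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

Because the first condition yields 0 when the HELO starts with a bracketed number, the rule as posted fires on bare names such as localhost and leaves IP-literal HELOs alone.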
