On Fri, Mar 26, 2004 at 09:20:40AM -0700, Brian Godette is rumored to have said:
>
> This goes along the custom rule to match a forged Received line claiming to
> be your own mail server. The new addition to that is forging of
> X-Originating-IP.

I reject connections from machines using a HELO argument claiming to be our
domain or our server's IP address. (exim 4.3)

acl_check_helo:
  # Reject peers whose HELO/EHLO argument is our own domain name.
  deny    condition = ${if eq {$sender_helo_name}{ourdomain.tld}{yes}{no}}
          message   = HELO or EHLO rejected. You are not ourdomain.tld.
  # Reject peers whose HELO/EHLO argument is our server's IP address.
  deny    condition = ${if eq {$sender_helo_name}{12.34.56.78}{yes}{no}}
          message   = HELO or EHLO rejected. You are not 12.34.56.78.
  accept

You'd be amazed how many spammers are using this tactic. After I added the ACL,
I started seeing hits immediately on both rules. Over 1500 rejects in the last
36 hours, and we don't have many users. Bottom line is that these spams never
even get to SA to waste my CPU, disk space and bandwidth. :)
(kind of OT, sorry)
--
"Talent does what it can; genius does what it must."
- Edward George Bulwer-Lytton (1803-1873)
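
The HELO check described in the message above, as an added example that is not part of the original post or of Exim. It goes beyond the two exact string comparisons in the ACL by also matching case variants, a trailing dot and the bracketed address-literal form; the function names, the trusted networks and the sample connections are assumptions constructed for illustration.

```python
import ipaddress

# Local identities: the placeholder values used in the post's ACL.
LOCAL_NAMES = {"ourdomain.tld"}
LOCAL_IPS = {ipaddress.ip_address("12.34.56.78")}
# Assumption: peers that may legitimately announce our name (loopback, internal relays).
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("10.0.0.0/8")]


def helo_as_ip(helo):
    """Return the IP a HELO argument denotes (bare or [literal] form), else None."""
    text = helo.strip()
    if text.startswith("[") and text.endswith("]"):
        text = text[1:-1]
        if text.lower().startswith("ipv6:"):
            text = text[5:]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def helo_forges_local_identity(helo, peer_ip):
    """True when an untrusted peer announces itself as our name or our IP."""
    peer = ipaddress.ip_address(peer_ip)
    if any(peer in net for net in TRUSTED_NETS):
        return False
    ip = helo_as_ip(helo)
    if ip is not None:
        return ip in LOCAL_IPS
    # Host names compare case-insensitively; a trailing dot is the same name.
    return helo.strip().rstrip(".").lower() in LOCAL_NAMES


# Constructed sample connections: (HELO argument, connecting IP).
SAMPLES = [
    ("ourdomain.tld", "203.0.113.9"),
    ("OURDOMAIN.TLD.", "203.0.113.9"),
    ("[12.34.56.78]", "198.51.100.4"),
    ("12.34.56.78", "198.51.100.4"),
    ("mail.example.net", "192.0.2.25"),
    ("ourdomain.tld", "10.1.2.3"),
]


def classify(samples):
    return [helo_forges_local_identity(helo, peer) for helo, peer in samples]


if __name__ == "__main__":
    for (helo, peer), bad in zip(SAMPLES, classify(SAMPLES)):
        print(f"{'REJECT' if bad else 'accept'}  helo={helo!r} peer={peer}")
```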