Would this be achievable with sendmail as well?
-----Original Message-----
From: Steve Thomas [mailto:[EMAIL PROTECTED]
Sent: 26 March 2004 19:43
To: [EMAIL PROTECTED]
Subject: Re: Another spam sign.
On Fri, Mar 26, 2004 at 09:20:40AM -0700, Brian Godette is rumored to have
said:
>
> This goes along the custom rule to match a forged Received line claiming
to be
> your own mail server. The new addition to that is forging of
> X-Originating-IP.
I reject connections from machines using a HELO argument claiming to be our
domain or our server's IP address. (exim 4.3)
acl_check_helo:
deny condition = ${if eq {$sender_helo_name}{ourdomain.tld}{yes}{no}}
message = HELO or EHLO rejected. You are not ourdomain.tld.
deny condition = ${if eq {$sender_helo_name}{12.34.56.78}{yes}{no}}
message = HELO or EHLO rejected. You are not 12.34.56.78.
accept
You'd be amazed how many spammers are using this tactic. After I added the
ACL, I started seeing hits immediately on both rules. Over 1500 rejects in
the last 36 hours, and we don't have many users. Bottom line is that these
spams never even get to SA to waste my CPU, disk space and bandwidth. :)
(kind of OT, sorry)
--
"Talent does what it can; genius does what it must."
- Edward George Bulwer-Lytton (1803-1873)
--
This message has been scanned for viruses and
dangerous content by aWhale (www.awhale.co.uk)
Using MailScanner, and is believed to be clean.
