[prev in list] [next in list] [prev in thread] [next in thread] 

List:       exim-users
Subject:    Re: [exim] lsearch expression for check_helo ACL?
From:       "Tabor J. Wells" <twells () fsckit ! net>
Date:       2004-12-29 18:23:25
Message-ID: 20041229182325.GD14248 () fsckit ! net
[Download RAW message or body]

On Wed, Dec 29, 2004 at 04:43:54PM +0100,
Christian Schmidt <christian@siebenbergen.de> is thought to have said:

> begin acl
> 
> check_helo:
> # If remote host greets with an IP address, reject connection:
> deny    message = REJECTED - Bad HELO - IP address not allowed ($sender_helo_name).
> condition = ${if isip {$sender_helo_name}{true}{false}}
> 
> # Deny if the HELO pretends to be this host:
> deny    message = You pretend to be $sender_helo_name, but that's me.
> condition = ${if or { \
> 	            {eq {${lc:$sender_helo_name}}{server.linau.de}} \
> 		    {eq	{${lc:$sender_helo_name}}{www.linau.de}} \
> 		    {eq {${lc:$sender_helo_name}}{localhost}}}{true}{false}}
> # Otherwise accept connection:
> accept
> 
> As have listed all local domain names in a file using
> domainlist local_domains = /etc/exim4/domainfiles/local-domains.txt
> I'm wondering how to include either the local_domains variable or the
> local-domains.txt file in my condition expression.
> I've already tried constructing an expression using "lsearch", but
> unfortunately, I'm not yet familiar enough with the corresponding
> syntax.

Personally I recommend moving this sort of check out of the helo acl and
into rcpt. Just because some brokenware will take an error in response to
helo as grounds to immediately retry.

As far as your lookup goes just do something like:

  # And from systems which give banned HELO
  deny    hosts     = !+relay_from_hosts
          condition = ${lookup{${lc:$sender_helo_name}} dbm \
                {/etc/exim/db/heloreject.db} {yes} {no}}
          log_message = SPAMFILTER: $sender_host_address sent banned HELO: \
$sender_helo_name  message = Go away

my helorejects.db contains things like domains I MX for, IP addresses of my
MXes, random other things I know to be invalid helo values, etc.

Tabor

-- 
--------------------------------------------------------------------
Tabor J. Wells                                     twells@fsckit.net
Fsck It!                 Just another victim of the ambient morality

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at \
http://www.exim.org/ ##


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic