Hello, I've started seeing a lot of this, and I'm not sure why they are being terminated at the helo/ehlo check as I try and do everything at rcpt time..
the 84.174.86.75 host is listed in spamhaus (xbl-sbl) and would get caught in a different part of the config and be denied by that.. but instead b/c they are being dropped at helo, they have to get caught in the ratelimit checks and denied that way.. (if that makes sense..) how can I allow them to continue on in their conversation, as to find out who they are trying to come from or send to and then disconnect them. Again if that makes sense.. I guess what I'm looking for is if I have acl_check_helo to accept, why did it get denied? exim -bP | grep helo acl_smtp_helo = acl_check_helo helo_accept_junk_hosts = helo_allow_chars = helo_lookup_domains = @ : @[] helo_try_verify_hosts = helo_verify_hosts = 2006-10-19 09:41:08 SMTP connection from [84.174.86.75]:4226 I=[1.2.3.4]:25 (TCP/IP connection count = 14) 2006-10-19 09:41:09 rejected EHLO from [84.174.86.75]:4226 I=[1.2.3.4]:25: syntactically invalid argument(s): |http://mail.oldartero.com:8888/cgi-bin/put 2006-10-19 09:41:10 rejected HELO from [84.174.86.75]:4226 I=[1.2.3.4]:25: syntactically invalid argument(s): |http://mail.oldartero.com:8888/cgi-bin/put 2006-10-19 09:41:10 SMTP call from [84.174.86.75]:4226 I=[1.2.3.4]:25 dropped: too many syntax or protocol errors (last command was "HELO |http://mail.oldartero.com:8888/cgi-bin/put") ### ### START ACL HELO ### ### acl_check_helo: accept ### ### START ACL RCPT ### acl_check_rcpt: ... # helo check drop message = sorry, that helo looks like an ip address $sender_helo_name condition = ${if isip {$sender_helo_name}{true}{false}} log_message = IP HELO drop message = sorry, that helo looks forged $sender_helo_name condition = ${lookup {${lc:$sender_helo_name}} cdb{EXIM_DIR/cdb/forged_helos.cdb}{yes} \ {${lookup {${lc:$sender_helo_name}} cdb{EXIM_DIR/cdb/rcpthosts.cdb}{yes}{no}}}} log_message = Forged HELO # end helo checks I would also be ok with "don't worry about it, it's fine.." :) Thanks in advance.. -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/