On Thu, 2007-05-03 at 10:29 +1000, Ted Cooper wrote:
> Exim has a function to figure out if something is an IP address without
> all the regex
>
>   # Deny RAW IP addresses - they MUST be quoted to comply with standards
>   deny message = ERRMSG_RAWIP1
>        condition = ${lookup{$sender_host_address}iplsearch{/etc/exim/bwlists/helo_rawip_ok}{no}{yes}}
>        condition = ${if isip{$sender_helo_name}{true}{false}}

that won't work:

  $ exim -be '${if isip{10.0.0.1}}'
  true
  $ exim -be '${if isip{[10.0.0.1]}}'
  <nothing>

so you need to get rid of the brackets, first.  here's a snippet from
my config (written before the {true}{false} bit of ${if became
optional):

  accept condition = ${if and {{match {$sender_helo_name}\
                                      {\N^\[(.+)\]$\N}}\
                               {isip4 {$1}}}\
                          {true}{false}}
  accept condition = ${if and {{match {$sender_helo_name}\
                                      {\N^(?i)\[IPv6:(.+)\]$\N}}\
                               {isip6 {$1}}}\
                          {true}{false}}

(note the need to use isip4 and isip6 separately to do this
accurately)

to achieve the effect I suggested, duplicate the stanzas like so:

  accept condition = ${if and {{match {$sender_helo_name}\
                                      {\N^\[(.+)\]$\N}}\
                               {isip4 {$1}}\
                               {eq {$1}{$sender_host_address}}}}
  deny   condition = ${if and {{match {$sender_helo_name}\
                                      {\N^\[(.+)\]$\N}}\
                               {isip4 {$1}}}}

for the pedantic: this may fail for IPv6 since the HELO address
provided by the client may not be canonicalised, and as far as I can
tell, Exim doesn't have a function to test two IP addresses for
equality.  actually, the same is true for IPv4, but it is less common
to use something like 127.000.000.001.  note also that a leading zero
traditionally signifies octal, but that is specifically not the case
here!

> I don't junk [qu.o.t.ed] IP addresses though as there is the possibility
> they are legit :/ Looking at the logs though 100% are spams, and so far
> they've all been rejected for other reasons.

I had a look at our logs, there were a few unauthenticated occurrences
of this.  some looked like misconfigured MUA (Thunderbird?) which uses
our server as a smarthost -- those users will only be able to send
e-mail to our users (their colleagues), but some people never notice
that.  I don't think rejecting with a weird HELO error would help them
to realise what the problem is :-)

I also found one server which used HELO for its NATed address
(produktregisteret.no if anyone wonders).

overall the number of messages triggering rules related to this is
minuscule.
I counted 89 messages out of 526886 reaching DATA, and only one of
them was a spam with SpamAssassin score < 4.

> I'm also dropping HELO's that aren't authenticated/local that give me a
> single word as helo, ie no dot. And a few other million things.
>   condition = ${if match{$sender_helo_name}{\\.}{no}{yes}}

yes, this is very effective.
--
Kjetil T.
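
The canonicalisation caveat in the message above, as an added Python example (not code from the thread or from Exim): it compares a bracketed HELO literal with the peer address by value, reading leading zeros as decimal, and extends the accept/deny pair to IPv6 literals. The function names, the "pass" verdict for non-literals and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Bracketed HELO literals: [a.b.c.d] or [IPv6:...] (tag matched case-insensitively)
_LITERAL = re.compile(
    r"^\[(?:(?i:IPv6:)(?P<v6>[0-9A-Fa-f:.]+)|(?P<v4>[0-9.]+))\]$")


def parse_helo_literal(helo):
    """Return an address object for a bracketed HELO literal, else None."""
    m = _LITERAL.match(helo)
    if not m:
        return None
    try:
        if m.group("v6"):
            # IPv6Address normalises case and zero compression
            return ipaddress.IPv6Address(m.group("v6"))
        octets = m.group("v4").split(".")
        if len(octets) != 4 or not all(o.isdigit() and len(o) <= 3 for o in octets):
            return None
        # Leading zeros are decimal here, not octal: 127.000.000.001 -> 127.0.0.1
        values = [int(o, 10) for o in octets]
        if any(v > 255 for v in values):
            return None
        return ipaddress.IPv4Address(bytes(values))
    except ipaddress.AddressValueError:
        return None


def helo_verdict(helo, peer):
    """'accept' if the literal equals the peer address, 'deny' if it is a
    different literal, 'pass' if HELO is not an address literal at all."""
    literal = parse_helo_literal(helo)
    if literal is None:
        return "pass"
    return "accept" if literal == ipaddress.ip_address(peer) else "deny"


if __name__ == "__main__":
    # Constructed sample sessions: (HELO argument, connecting address)
    samples = [
        ("[10.0.0.1]", "10.0.0.1"),
        ("[127.000.000.001]", "127.0.0.1"),
        ("[10.0.0.1]", "192.0.2.7"),
        ("[ipv6:2001:DB8:0:0:0:0:0:1]", "2001:db8::1"),
        ("mail.example.org", "192.0.2.7"),
    ]
    for helo, peer in samples:
        print(f"{helo:32} from {peer:14} -> {helo_verdict(helo, peer)}")
```
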