Always Learning wrote:

We want to block all emails sent from spamming servers like Microsoft
ESMTP Mail Service.


In ACL HELO how can one match the data in the HELO/EHLO line?  I want
to match 'Microsoft ESMTP MAIL Service' and then drop or reject the
connection.


220 galsrv1.galvatech.local Microsoft ESMTP MAIL Service, Version:
6.0.3790.4675 ready at  Wed, 5 Sep 2012 03:29:41 +1000


220 adstudio.co.za Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675
ready at  Tue, 4 Sep 2012 19:31:48 +0200


M$ ESMTP MAIL Service does not recognise 550 error codes sent by Exim.
M$ thinks 550 means "try again to send the unwanted junk".

The worst mail abusers, in my experience, use Microsoft ESMTP MAIL
Service. We get about 150 mail attempts every day from each of the
defective Microsoft ESMTP MAIL Service servers, day after day. Their
owners and ISPs are ineffective at halting the abuse.

Thank you.



Experiment with this before going TOO far.

Not ALL of those using EMM ASS tools are bad-actors, and blocking on anything but the LAST MILE sending server is dodgy:

===

warn
        logwrite    = Traversing MS ESMTP test
        regex       = ^HELO:: .*Microsoft ESMTP MAIL
        log_message = $sender_host_address matched MS ESMTP

===

CAVEAT: Half-vast adapted from a different test, and NOT TESTED.

Expect it will need correction from someone more expert than I.

But you get the drift.

FWIW, I just add the offending ISP to my LBL or their IP pool to the OS FW tables.

Lower-resource tests than a regex, and less drivel in logs.

Bill

--
韓家標


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
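
A configuration sketch of the two approaches in the reply above, added here as an example and not taken from either poster or from the Exim project: a host-list block at connect time, and a log-only HELO test written with `condition` and `$sender_helo_name`. The list name `local_blacklist`, the ACL names and the addresses (documentation ranges) are assumptions.

```exim
# --- main configuration section ---
# Constructed placeholder entries (RFC 5737 documentation ranges);
# replace with the hosts or pools actually seen in the reject log.
hostlist local_blacklist = 192.0.2.25 : 198.51.100.0/24

acl_smtp_connect = acl_check_connect
acl_smtp_helo    = acl_check_helo

begin acl

acl_check_connect:
  # Host-list lookup before any SMTP dialogue: cheaper than a regex
  # and produces one log line per refused connection.
  deny    hosts       = +local_blacklist
          message     = Connection refused by local policy
          log_message = $sender_host_address is on local_blacklist

  accept

acl_check_helo:
  # Log-only, so the effect can be observed before anything is rejected.
  # $sender_helo_name holds only the argument the client gave to
  # HELO/EHLO; \N...\N keeps Exim from expanding the pattern.
  warn    condition   = ${if match{$sender_helo_name}{\N(?i)Microsoft ESMTP MAIL\N}}
          log_message = $sender_host_address HELO matched MS ESMTP

  accept
```

Running `exim -bh 192.0.2.25` simulates an SMTP session from that address and shows which ACL statements fire without delivering anything.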