I'm having some trouble setting up a rule in acl_check_mail to reject
remote hosts that HELO or announce their own host name with my own domain.

I currently have these as the last three rules of acl_check_mail:

  deny
    message = Invalid HELO
    condition = ${if match_domain{$sender_helo_name}{+local_domains:+relay_to_domains}{yes}{no}}

  deny
    message = Invalid HELO
    condition = ${if match_domain{${extract{-3}{.}{$sender_helo_name}}.${extract{-2}{.}{$sender_helo_name}}.${extract{-1}{.}{$sender_helo_name}}}{+local_domains:+relay_to_domains}{yes}{no}}

  deny
    message = Invalid HELO
    condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
    condition = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}


However, today I had a spammer try 20 times to send to various
addresses.  Each time it used some version of the HELO with my domain
(smtp.* and mail.* were the two).

The machine's hostname is mail but the rule was only triggered twice.
The rest of the time it seemed to fall straight through to the
acl_check_rcpt right below and performed a verify sender which failed.
I'm not sure how to test in a way that causes the host name to appear as
whatever I want and I'm also not quite understanding why the rules
failed.  I know I missed something.


2015-02-20 20:47:50 H=(mail.acarver.net) [177.11.51.69] I=[10.0.0.6]:25 rejected MAIL <[email protected]>: Invalid HELO
2015-02-20 20:47:50 H=(smtp.acarver.net) [177.11.51.69] I=[10.0.0.6]:25 sender verify fail for <[email protected]>: Unrouteable address
2015-02-20 20:47:50 H=(smtp.acarver.net) [177.11.51.69] I=[10.0.0.6]:25 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-02-20 20:47:50 H=(mail.acarver.net) [177.11.51.69] I=[10.0.0.6]:25 rejected MAIL [email protected]: Invalid HELO
2015-02-20 20:47:50 H=(mail.acarver.org) [177.11.51.69] I=[10.0.0.6]:25 sender verify fail for <[email protected]>: Unrouteable address
2015-02-20 20:47:50 H=(mail.acarver.org) [177.11.51.69] I=[10.0.0.6]:25 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-02-20 20:47:51 H=(smtp.acarver.net) [177.11.51.69] I=[10.0.0.6]:25 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-02-20 20:47:51 H=(mail.acarver.org) [177.11.51.69] I=[10.0.0.6]:25 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-02-20 20:47:51 H=(smtp.acarver.org) [177.11.51.69] I=[10.0.0.6]:25 sender verify fail for <[email protected]>: Unrouteable address
2015-02-20 20:47:51 H=(smtp.acarver.org) [177.11.51.69] I=[10.0.0.6]:25 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-02-20 20:47:51 H=(smtp.acarver.net) [177.11.51.69] I=[10.0.0.6]:25 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-02-20 20:47:51 H=(mail.acarver.org) [177.11.51.69] I=[10.0.0.6]:25 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-02-20 20:47:51 H=(smtp.acarver.org) [177.11.51.69] I=[10.0.0.6]:25 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2015-02-20 20:47:51 H=(smtp.acarver.org) [177.11.51.69] I=[10.0.0.6]:25 F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed

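An added example (not part of the original post, and not Exim code): a simplified Python model of the three HELO rules, showing that for a three-label HELO name the second rule rebuilds the same string the first rule already tested. `LOCAL_DOMAINS` is a constructed stand-in for the poster's domain lists, which the post does not show; `denied_by` and `parent_domain` are hypothetical helpers.

```python
# Simplified model of the three HELO rules in acl_check_mail (added example).
# ASSUMPTION: LOCAL_DOMAINS is a constructed stand-in for
# +local_domains:+relay_to_domains; the real lists are not shown in the post.
LOCAL_DOMAINS = ["mail.acarver.net", "acarver.net", "acarver.org"]

def extract(n, sep, s):
    """Model of ${extract{n}{sep}{s}}: 1-based field; negative n counts
    from the right; a missing field yields the empty string."""
    fields = s.split(sep)
    idx = n - 1 if n > 0 else len(fields) + n
    return fields[idx] if n != 0 and 0 <= idx < len(fields) else ""

def match_domain(name, patterns):
    """Simplified domain-list match: exact entries, plus a leading '*'
    meaning 'ends with the rest of the pattern'. Case-insensitive."""
    name = name.lower()
    for p in patterns:
        p = p.lower()
        if p.startswith("*"):
            if name.endswith(p[1:]):
                return True
        elif name == p:
            return True
    return False

def denied_by(helo, domains):
    """Return 1, 2 or 3 for the first rule that denies, or None."""
    if match_domain(helo, domains):
        return 1
    rebuilt = ".".join(extract(i, ".", helo) for i in (-3, -2, -1))
    if match_domain(rebuilt, domains):
        return 2
    # Rule 3: deny only if HELO is neither an IP literal nor dotted.
    if not helo.startswith("[") and "." not in helo:
        return 3
    return None

def parent_domain(helo):
    """Last two labels only (hypothetical helper for comparison)."""
    return ".".join(extract(i, ".", helo) for i in (-2, -1))

if __name__ == "__main__":
    for helo in ("mail.acarver.net", "smtp.acarver.net",
                 "mail.acarver.org", "smtp.acarver.org"):
        print(helo, "denied by rule:", denied_by(helo, LOCAL_DOMAINS),
              "| parent listed:",
              match_domain(parent_domain(helo), LOCAL_DOMAINS))
```

With the constructed list, only `mail.acarver.net` is denied, which matches the pattern in the log lines above; a list entry of the form `*.acarver.net` would make the first rule deny `smtp.acarver.net` as well.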