  1. #1
    Member
    Join Date
    Apr 2003
    Location
    Auckland, New Zealand
    Posts
    172

    New Exim Config: Do We Need These Old ACLs?

    With Exim's config being updated on a daily basis, we've been updating servers with some custom ACLs that have been added over the last year (thanks to those forum members for posting).

    Do we really need to use those older ACLs now? For example, we are continually adding these every time the config is updated by Exim/WHM...

    #!!# Custom Additions

    deny local_parts = ^.*[@%!/|] : ^\\.
    message = I`ve never seen @, %, !, / or | in an e-mail. Neither should you!

    deny message = Only one recipient accepted for NULL sender
    senders = :
    condition = ${if >{$rcpt_count}{1}{1}}

    deny message = HELO/EHLO with my ip address. You are not me.
    log_message = HELO/EHLO my.ip
    condition = ${if eq{$sender_helo_name}{$interface_address}{yes}{no}}

    deny message = Polite hosts say HELO first. Please see RFC 2821 section 4.1.1.1
    log_message = Bad HELO: Empty HELO
    condition = ${if eq{$sender_helo_name}{}}

    deny message = RFC 1918 IP address in HELO.
    log_message = RFC 1918 IP address
    !hosts = +relay_hosts
    !authenticated = *
    condition = ${if match {$sender_helo_name}{\N^(\[)?(10\.[0-9]{1,3}|172\.(1[6-9]|2[0-9]|31)|192\.168)\.[0-9]{1,3}\.[0-9]{1,3}(\])?$\N}{yes}{no}}

    deny message = Forged HELO: you are not $sender_helo_name our local domain and you are not allowed to use as per RFC standards.
    log_message = Forged HELO as local domain
    !hosts = +relay_hosts
    !authenticated = *
    condition = ${if match_domain{$sender_helo_name}{+local_domains}{yes}{no}}

    deny message = Hacked HELO: you are not $sender_helo_name
    log_message = Hacked HELO
    !hosts = +relay_hosts
    !authenticated = *
    condition = ${if match {$sender_helo_name}{\N^[A-Z0-9]+\.[a-z]+$\N}{yes}{no}}
    condition = ${if match {$sender_helo_name}{\N^[0-9]+\.[a-z]+$\N}{no}{yes}}

    deny message = $sender_helo_name is a silly HELO
    log_message = Silly HELO
    !hosts = +relay_hosts
    !authenticated = *
    condition = ${if match {$sender_helo_name}{\N^(127\.0\.0\.1|localhost(\.localdomain)?)$\N}{yes}{no}}

    deny message = Underscores are not allowed in hostnames
    log_message = Underscore in hostname
    !hosts = +relay_hosts
    !authenticated = *
    condition = ${if match {$sender_helo_name}{\N.*_.*\N}{yes}{no}}

    deny message = Hacked HELO: you are not $sender_helo_name
    log_message = Hacked HELO: constructed by viruses (random)
    !hosts = +relay_hosts
    !authenticated = *
    condition = ${if match {$sender_helo_name}{smtp}{no}{yes}}
    condition = ${if match {$sender_helo_name}{\N^[a-z0-9]+\.[a-z]+$\N}}
    condition = ${if match {$sender_helo_name}{\N.*[bcdfghjklmnpqrstvwxz]{7,}.*\.[a-z]+$\N}}

    deny message = Faked Yahoo.com address, so you must be spam.
    senders = *@yahoo.com:*@yahoo.es:*@yahoo.com.ar:*@yahoo.com.br:*@yahoo.it:*@yahoo.co.uk:*@yahoo.ca:*@yahoo.fr
    condition = ${if match {$sender_host_name}{\Nyahoo.com$\N}{no}{yes}}

    deny message = Faked Hotmail.com address, so you must be spam.
    senders = *@hotmail.com
    condition = ${if match {$sender_host_name}{\Nhotmail.com$\N}{no}{yes}}

    deny message = Faked MSN.com address, so you must be spam.
    senders = *@msn.com
    condition = ${if match {$sender_host_name}{\N(hotmail|msn).com$\N}{no}{yes}}

    deny message = Faked AOL.com address, so you must be spam.
    senders = *@aol.com
    condition = ${if match {$sender_host_name}{\Naol.com$\N}{no}{yes}}

    deny message = Faked Gmail.com address, so you must be spam.
    senders = *@gmail.com
    condition = ${if match {$sender_host_name}{\N(google|gmail).com$\N}{no}{yes}}

    deny message = Faked Mail.ru address, so you must be spam.
    senders = *@mail.ru
    condition = ${if match {$sender_host_name}{\Nmail.ru$\N}{no}{yes}}

    deny message = Faked Fibertel.com.ar address, so you must be spam.
    senders = *@fibertel.com.ar
    condition = ${if match {$sender_host_name}{\Nfibertel.com.ar$\N}{no}{yes}}

    deny message = Faked Ciudad.com.ar address, so you must be spam.
    senders = *@ciudad.com.ar
    condition = ${if match {$sender_host_name}{\N(ciudad|prima).com.ar$\N}{no}{yes}}

    deny message = Faked Argentina.com address, so you must be spam.
    senders = *@argentina.com
    condition = ${if match {$sender_host_name}{\Nargentina.com$\N}{no}{yes}}

    deny message = Faked Excite.com address, so you must be spam.
    senders = *@excite.com
    condition = ${if match {$sender_host_name}{\Nexcite.com$\N}{no}{yes}}

    deny message = Faked Mixmail.com address, so you must be spam.
    senders = *@mixmail.com
    condition = ${if match {$sender_host_name}{\Nmixmail.com$\N}{no}{yes}}

    deny message = Faked Latinmail.com address, so you must be spam.
    senders = *@latinmail.com
    condition = ${if match {$sender_host_name}{\Nlatinmail.com$\N}{no}{yes}}

    deny message = Faked Arnet.com.ar address, so you must be spam.
    senders = *@arnet.com.ar
    condition = ${if match {$sender_host_name}{\Narnet.com.ar$\N}{no}{yes}}

    deny message = Faked Microsoft.com address, so you must be spam.
    senders = *@microsoft.com
    condition = ${if match {$sender_host_name}{\Nmicrosoft.com$\N}{no}{yes}}

    deny message = Faked Wanadoo.com address, so you must be spam.
    senders = *@wanadoo.com
    condition = ${if match {$sender_host_name}{\Nwanadoo.com$\N}{no}{yes}}

    deny message = Faked Mail.com address, so you must be spam.
    senders = *@mail.com
    condition = ${if match {$sender_host_name}{\N(mail|outblaze).com$\N}{no}{yes}}

    deny message = Faked Hotpop.com address, so you must be spam.
    senders = *@hotpop.com
    condition = ${if match {$sender_host_name}{\Nhotpop.com$\N}{no}{yes}}

    deny message = Faked Mac.com address, so you must be spam.
    senders = *@mac.com
    condition = ${if match {$sender_host_name}{\Nmac.com$\N}{no}{yes}}

    deny message = Faked Net.il address, so you must be spam.
    senders = *@net.il
    condition = ${if match {$sender_host_name}{\Nnet.il$\N}{no}{yes}}

    deny message = Faked Walla.com address, so you must be spam.
    senders = *@walla.com
    condition = ${if match {$sender_host_name}{\Nwalla.com$\N}{no}{yes}}

    deny message = Faked Topmail.com.ar address, so you must be spam.
    senders = *@topmail.com.ar
    condition = ${if match {$sender_host_name}{\Ntopmail.com.ar$\N}{no}{yes}}

    deny message = Faked Tutopia.com address, so you must be spam.
    senders = *@tutopia.com
    condition = ${if match {$sender_host_name}{\Ntutopia.com$\N}{no}{yes}}

    deny message = Faked Uyuyuy.com address, so you must be spam.
    senders = *@uyuyuy.com
    condition = ${if match {$sender_host_name}{\Nuyuyuy.com$\N}{no}{yes}}

    # RBL lists

    # The list ends after the last lookup domain; a trailing ":\" here would
    # fold the following "!hosts" line into the dnslists value.
    drop dnslists = list.dsbl.org : \
                    block.rhs.mailpolice.com
    !hosts = +relay_hosts
    !authenticated = *
    message = your mail server $sender_host_address is in a black list \
    at $dnslist_domain ($dnslist_text)

    #!!# End Custom Additions

    and at the bottom we have...

    #!!# Custom Addition - clamav ACL, reject virus infected mails with proper error

    deny message = This message contains malformed MIME ($demime_reason)
    demime = *
    condition = ${if >{$demime_errorlevel}{2}{1}{0}}

    deny message = Potential executable content. If you meant to send this file \
    then please package it up as a zip file and resend it.
    demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:lnk:mdb:mde:msc:msi:mspcd:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc

    ##### end clamav ACL

    # Add X-Scanned Header
    warn message = X-Antivirus-Scanned: Clean but you should still have anti-virus software

    #deny condition = ${if !def:h_Message-ID: {1}}
    #message = Message SHOULD have Message-ID: but does not

    deny message = Serious MIME defect detected ($demime_reason)
    log_message = Broken MIME ($mime_reason)
    demime = *
    condition = ${if >{$demime_errorlevel}{2}{1}{0}}

    ### deny message = Hiding of file extensions is not allowed!
    ### log_message = Dangerous extension (CLSID hidden)

    #!!# End Custom Additions

    Thanks in advance

  2. #2
    cPanel Partner NOC
    Join Date
    Jan 2006
    Posts
    654


    I'd like to know also - I don't see any HELO checking in the cPanel ACL, so I presume we should still add our own?

  3. #3
    cPanel Partner NOC
    Join Date
    Jan 2006
    Posts
    654


    Could anyone tell me where in the ACL section I would add some HELO checks? I don't want to put them in the wrong place.

  4. #4
    Member
    Join Date
    Feb 2005
    Location
    North Carolina
    Posts
    237


    WHM >> Service Configuration >> Exim Configuration Editor

    Click on Advanced Editor. Scroll down to 3rd box. Look for the following text:

    #!!# ACL that is used after the RCPT command
    check_recipient:
    # Exim 3 had no checking on -bs messages, so for compatibility
    # we accept if the source is local SMTP (i.e. not over TCP/IP).
    # We do this by testing for an empty sending host field.

    [% ACL_RATELIMIT_BLOCK %]

    accept hosts = :

    Paste in HELO checks here (under "accept hosts = :")

  5. #5
    cPanel Partner NOC
    Join Date
    Jan 2006
    Posts
    654


    Great, thanks.

  6. #6
    Member fenixer's Avatar
    Join Date
    Feb 2007
    Posts
    92


    Hello... just a note:

    HELO checks just disable receiving redirected emails....

    For example, someone at a 3rd-party server configures a redirection from domain.xxx to mydomain.xxx (mydomain.xxx is hosted by me). The redirect is legitimate.

    Now, some legitimate hotmail.com address sends an email to domain.xxx, which obviously is redirected to my server, to mydomain.xxx....... well, my server refuses this email because the hostname redirecting the email is not hotmail.com, so it would be a Faked HELO error.

    I have tested it.... redirections would be refused even though they are legitimate, so it is not a good idea, although I like it very much.
    ---

    Kind Regards.
    Gino.... IT Hosting Fenixer
    www.fenixer.es
    www.manuales.fenixer.es
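To try the HELO statements from post #1 and the forwarding false positive from post #6 against sample values before pasting anything into the WHM editor, here is a small Python harness (added for this thread, not code from the original posts or from cPanel) that walks the deny statements in the post's order using the same PCRE patterns; the interface address, local domains and host names are constructed placeholders.

```python
import re

# Constructed values for this example; substitute your own server's.
INTERFACE_ADDRESS = "203.0.113.10"                    # stands in for $interface_address
LOCAL_DOMAINS = {"example.com", "mail.example.com"}   # stands in for +local_domains

# The patterns from the post, unchanged; Exim's "match" is an unanchored search.
RFC1918 = re.compile(r"^(\[)?(10\.[0-9]{1,3}|172\.(1[6-9]|2[0-9]|31)|192\.168)\.[0-9]{1,3}\.[0-9]{1,3}(\])?$")
UPPER = re.compile(r"^[A-Z0-9]+\.[a-z]+$")
ALL_DIGITS = re.compile(r"^[0-9]+\.[a-z]+$")
SILLY = re.compile(r"^(127\.0\.0\.1|localhost(\.localdomain)?)$")
RANDOM = re.compile(r"^[a-z0-9]+\.[a-z]+$")
CONSONANTS = re.compile(r".*[bcdfghjklmnpqrstvwxz]{7,}.*\.[a-z]+$")


def check_helo(helo, authenticated=False, relay_host=False):
    """Return the log_message of the first HELO deny statement that fires,
    or None when the HELO would get past all of them."""
    if helo == INTERFACE_ADDRESS:
        return "HELO/EHLO my.ip"
    if helo == "":
        return "Bad HELO: Empty HELO"
    # Every remaining statement carries "!hosts = +relay_hosts" and "!authenticated = *",
    # so relay hosts and authenticated clients skip them entirely.
    if authenticated or relay_host:
        return None
    if RFC1918.search(helo):
        return "RFC 1918 IP address"
    if helo.lower() in LOCAL_DOMAINS:   # approximates match_domain{...}{+local_domains}
        return "Forged HELO as local domain"
    if UPPER.search(helo) and not ALL_DIGITS.search(helo):
        return "Hacked HELO"
    if SILLY.search(helo):
        return "Silly HELO"
    if "_" in helo:
        return "Underscore in hostname"
    if "smtp" not in helo and RANDOM.search(helo) and CONSONANTS.search(helo):
        return "Hacked HELO: constructed by viruses (random)"
    return None


def check_faked_sender(sender, sender_host_name):
    """The 'Faked Hotmail.com address' statement: deny when the envelope sender is
    @hotmail.com but the connecting host's reverse-DNS name does not end in hotmail.com.
    A third-party forwarder relaying a genuine hotmail.com sender trips this rule."""
    if sender.lower().endswith("@hotmail.com") and not re.search(r"hotmail.com$", sender_host_name):
        return "Faked Hotmail.com address"
    return None
```

Run the forwarding case (`check_faked_sender("alice@hotmail.com", "forwarder.thirdparty.example")`) to see the rejection post #6 describes; the HELO rules themselves do not fire on an ordinary forwarder hostname.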
