Ouch, well then that's not going to work. Sorry about that! Still learning the ins and outs of these ACLs.
Using accept authenticated = * all my clients' email can't receive any email
## Added from http://www.rvskin.com/index.php?page=public/antispam#4.3
#
# Be polite and say HELO. Reject anything from hosts that haven't given
# a valid HELO/EHLO to us.
##
deny message = Bad HELO: Empty HELO, please see RFC 2821 section 4.1.1.1
condition = ${if eq{$sender_helo_name}{}{yes}{no}}
##
# Forged hostname - HELOs as one of my own IPs
##
# Forged HELO (our ip/hostname)
deny message = Forged HELO: you are not $sender_helo_name as that is our IP Address and you are not allowed to use it in HELO/EHLO as per RFC Standards.
!hosts = @[]
!hosts = +rv_relay_hosts
!authenticated = *
condition = ${if eq{$sender_helo_name}{$interface_address}{yes}{no}}
##
# Forged hostname - HELOs as my own hostname or domain
##
# accept helo which is in local_domain if we relay or had smtp auth
deny message = Forged HELO: you are not $sender_helo_name our local domain and you are not allowed to use as per RFC Standards.
!hosts = @[]
!hosts = +rv_relay_hosts
!authenticated = *
condition = ${if match_domain{$sender_helo_name}{+local_domains}{yes}{no}}
##
# Hacked HELO (DOMAIN.com) (constructed by viruses)
##
deny message = Hacked HELO: you are not $sender_helo_name
condition = ${if match {$sender_helo_name}{\N^[A-Z0-9]+\.[a-z]+$\N}{yes}{no}}
condition = ${if match {$sender_helo_name}{\N^[0-9]+\.[a-z]+$\N}{no}{yes}}
!hosts = @[]
!hosts = +rv_relay_hosts
!authenticated = *
Hi, http://www.rvskin.com/index.php?page=public/antispam#4.3 seems to have almost all the same items you have here and the authenticated works.
Now THAT is an awesome link!! Thanks for that one. I see what they are doing now, rather than simply passing the mail through at the beginning as I suggested they have the authentication check in the conditions of each one. Very nice! :D
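A small Python model of the four HELO rules quoted in this thread, added here as an illustration (it is not code from the thread or from rvskin). The function name, the server identity and the sample connections are constructed, and Exim's `@[]`, `+rv_relay_hosts` and `+local_domains` lists are reduced to plain sets, with `@[]` assumed to include the loopback address.

```python
import re

# Constructed server identity standing in for Exim's variables and named lists.
INTERFACE_ADDRESS = "192.0.2.10"              # $interface_address
LOCAL_IPS = {"127.0.0.1", "192.0.2.10"}       # hosts = @[] (assumed to cover loopback)
RELAY_HOSTS = {"192.0.2.20"}                  # hosts = +rv_relay_hosts
LOCAL_DOMAINS = {"server1.example.net", "example.net"}  # +local_domains

def helo_verdict(helo, client_ip, authenticated=False):
    """Return which quoted deny rule fires for this connection, or 'pass'."""
    # Empty-HELO rule: no !hosts / !authenticated lines, so nobody is exempt.
    if helo == "":
        return "Bad HELO"
    # The other three rules all carry !hosts = @[], !hosts = +rv_relay_hosts
    # and !authenticated = *, so these clients skip every one of them.
    if client_ip in LOCAL_IPS or client_ip in RELAY_HOSTS or authenticated:
        return "pass"
    if helo == INTERFACE_ADDRESS:
        return "Forged HELO (our IP)"
    if helo.lower() in LOCAL_DOMAINS:   # simplified match_domain: exact names only
        return "Forged HELO (our domain)"
    # Hacked HELO: first condition must match, second must not (all-digit label).
    if re.search(r"^[A-Z0-9]+\.[a-z]+$", helo) and not re.search(r"^[0-9]+\.[a-z]+$", helo):
        return "Hacked HELO"
    return "pass"

# Constructed connections: (HELO, client IP, authenticated)
SAMPLES = [
    ("", "203.0.113.5", False),
    ("192.0.2.10", "203.0.113.5", False),
    ("server1.example.net", "203.0.113.5", False),
    ("server1.example.net", "127.0.0.1", False),   # local list software on loopback
    ("server1.example.net", "203.0.113.5", True),  # customer after SMTP AUTH
    ("DOMAIN.com", "203.0.113.5", False),
    ("12345.com", "203.0.113.5", False),
]

if __name__ == "__main__":
    for helo, ip, auth in SAMPLES:
        print(f"{helo!r:24} {ip:12} auth={auth!s:5} -> {helo_verdict(helo, ip, auth)}")
```

In Exim, `authenticated = *` can normally only be true in an ACL that runs after the client has issued AUTH, such as the RCPT ACL; in the HELO ACL only the two `!hosts` lines can exempt anyone.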
Never tried them - now I'm glad I didn't.
http://vamos-wentworth.org/exim-tricks.html ... Do not use the faked yahoo, et al.
Hi, I'm testing this rule and I still have a problem with mailman, look at this log:
So I am (now - after changing it) testing this, which is similar to the exim standard check for mailman traffic:
Code:
# Accept mailman deliveries
accept condition = \
  ${if and {{match{$sender_helo_name}{(.*)-bounces\+.*}} \
  {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
  {yes}{no}}
  endpass
  log_message = $sender_helo_name resides in mailman-passed
2007-01-30 21:46:36 1HBzsC-0003ki-5X <= [email protected] H=(ug-out-1314.google.com) [66.249.92.170] P=esmtp S=2835 [email protected] gmail.com
2007-01-30 21:48:00 1HBzsC-0003ki-5X => montellug <[email protected]> R=mailman_virtual_router T=mailman_virtual_transport
2007-01-30 21:48:00 1HBzsC-0003ki-5X Completed
2007-01-30 21:48:08 H=localhost (server1.sonsof.net) [127.0.0.1] rejected EHLO or HELO server1.sonsof.net: Forged HELO: server1.sonsof.net Spoof Attempt
2007-01-30 21:48:08 H=localhost (server1.sonsof.net) [127.0.0.1] rejected EHLO or HELO server1.sonsof.net: Forged HELO: server1.sonsof.net Spoof Attempt
2007-01-30 21:48:08 H=localhost (server1.sonsof.net) [127.0.0.1] rejected EHLO or HELO server1.sonsof.net: Forged HELO: server1.sonsof.net Spoof Attempt
2007-01-30 21:48:08 H=localhost (server1.sonsof.net) [127.0.0.1] rejected EHLO or HELO server1.sonsof.net: Forged HELO: server1.sonsof.net Spoof Attempt
2007-01-30 21:48:09 H=localhost (server1.sonsof.net) [127.0.0.1] rejected EHLO or HELO server1.sonsof.net: Forged HELO: server1.sonsof.net Spoof Attempt
2007-01-30 21:48:09 H=localhost (server1.sonsof.net) [127.0.0.1] rejected EHLO or HELO server1.sonsof.net: Forged HELO: server1.sonsof.net Spoof Attempt
^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\$
The regular expression statement above recognizes any set of numbers set up in a format like an IP address. It would also catch "111111.2222222.3333333.4444444", even though that's a bogus IP address. Basically it's saying "Any string of four number sets, separated by decimals, that begin and end with the numbers". The "^" at the start means that the string must begin with a number and the "$" at the end means that the string must also end with a number. Hope that helps make it more clear, regexes can be tricky!
-snip-
Is this ACL safe? Is this checking if the HELO is IP only or does it block it if it just contains an IP?
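The anchoring behaviour described in the reply above, checked in Python as an added example (not code from the thread). The function name and the sample HELO strings are constructed, and the strict IPv4 parse is included only to show which regex matches are not real addresses.

```python
import ipaddress
import re

# The pattern quoted in the thread; the trailing "\$" there is Exim string
# escaping for a plain "$" end-of-string anchor.
IP_LIKE = re.compile(r"^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$")
# Same pattern without the anchors, to spot an IP-like run inside a longer name.
IP_RUN = re.compile(r"[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")

def classify_helo(helo):
    """Say how the anchored regex treats a HELO argument."""
    regex_hit = IP_LIKE.search(helo) is not None
    try:
        ipaddress.IPv4Address(helo)
        valid_ipv4 = True
    except ValueError:
        valid_ipv4 = False
    if regex_hit and valid_ipv4:
        return "matched: bare IPv4 address"
    if regex_hit:
        return "matched: IP-shaped but not a valid address"
    if IP_RUN.search(helo):
        return "not matched: only contains an IP-like run"
    return "not matched"

# Constructed HELO arguments.
SAMPLES = [
    "1.2.3.4",                         # HELO is an IP and nothing else
    "111111.2222222.3333333.4444444",  # the bogus address from the reply
    "[1.2.3.4]",                       # bracketed address literal
    "host-1.2.3.4.example.net",        # hostname that embeds an IP
    "mail.example.net",
]

if __name__ == "__main__":
    for helo in SAMPLES:
        print(f"{helo:34} {classify_helo(helo)}")
```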
Awesome! Very nice to hear some positive results.
The results were consistent across all four servers hosting several hundred sites each. I am disgustingly impressed