Helpful Exim ACLs -- Add Your Own

valkira

I've finally nailed this :cool:

I've done a lot of checking on all our servers, and this localhost.localdomain is ONLY seen in spammer mails:

Code:
2007-06-22 19:19:35 1I1mn5-0006hP-OP <= [email protected] H=(localhost.localdomain) [66.134.119.178] P=smtp S=2734 [email protected] T="\313\376\341\373\345 \364\356\360\354\373 \356\357\353\340\362\373 " from <[email protected]> for [email protected]
2007-06-22 19:21:24 1I1moQ-0006qx-BY <= [email protected] H=(localhost.localdomain) [125.24.167.166] P=smtp S=4048 [email protected] T="Message about Cialis for you!" from <[email protected]> for [email protected]
2007-06-22 19:21:44 1I1mp6-0006ts-U4 <= [email protected] H=(localhost.localdomain) [77.100.1.176] P=smtp S=2790 [email protected] T="Accelerated burning of unwanted fat" from <[email protected]> for [email protected]
2007-06-22 19:55:37 1I1nLa-0004JC-54 <= [email protected] H=(localhost.localdomain) [207.70.189.38] P=smtp S=2095 [email protected] T="Appetite control for hours on end" from <[email protected]> for [email protected]
2007-06-22 20:45:15 1I1o7k-0004Aq-Kv <= [email protected] H=(localhost.localdomain) [201.10.36.237] P=smtp S=2543 [email protected] T="Benefits of Viagra" from <[email protected]> for [email protected]
2007-06-22 20:45:28 1I1o8D-0004kV-99 <= [email protected] H=(localhost.localdomain) [24.126.81.134] P=smtp S=2785 [email protected] T="The ability to eat smaller meals" from <[email protected]> for [email protected]
2007-06-22 20:46:00 1I1o8P-0004lN-32 <= [email protected] H=(localhost.localdomain) [24.126.81.134] P=smtp S=2780 [email protected] T="Increased metabolism and calorie expenditure" from <[email protected]> for [email protected]
2007-06-22 20:46:12 1I1o8p-0004ml-BR <= [email protected] H=(localhost.localdomain) [201.10.36.237] P=smtp S=2623 [email protected] T="The lowest prices for the best medicines!" from <[email protected]> for [email protected]
2007-06-22 20:47:29 1I1oA5-0004sb-MM <= [email protected] H=(localhost.localdomain) [81.159.112.109] P=smtp S=2556 [email protected] T="TOP brand medicines without any prescription" from <[email protected]> for [email protected]
And there is a HUGE number of such emails, so I tried something else (and thanks to serversphere for his time and ideas):

Code:
# deny localhost in HELO name (TRIAL_2)
# \N...\N keeps Exim's string expansion away from the regex, so \. stays a literal dot and $ anchors the end
deny condition = ${if match {$sender_helo_name} {\N^localhost\.localdomain$\N} {yes}{no}}
  message = Your server announces itself ($sender_helo_name), but you're not local
  log_message   = Bad HELO: localhost reference in $sender_helo_name
This could probably need some editing by someone who knows a little bit more about Exim than me (and yes, the logs give a somewhat different log_message than the one stated in the ACL...), but I'm pleased with the result:

Code:
2007-06-22 22:13:31 H=(localhost.localdomain) [87.11.48.75] rejected EHLO or HELO localhost.localdomain: Bad HELO: localhost reference in localhost.localdomain
2007-06-22 22:18:34 H=(localhost.localdomain) [65.34.173.51] rejected EHLO or HELO localhost.localdomain: Bad HELO: localhost reference in localhost.localdomain
2007-06-22 22:32:16 H=(localhost.localdomain) [194.63.148.36] rejected EHLO or HELO localhost.localdomain: Bad HELO: localhost reference in localhost.localdomain
 
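An added example, not part of the original post: a Python audit of an Exim main log to run before enabling a HELO rule like the one above. It counts accepted and rejected messages whose HELO is localhost.localdomain per source IP, and separates loopback connections, which the condition as written would also match. The log lines are constructed samples, and the names `audit`, `HOST_RE` and `HELO_RE` are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Exim main-log format (documentation addresses only).
SAMPLE_LOG = """\
2007-06-22 19:19:35 1I1mn5-0006hP-OP <= a@example.net H=(localhost.localdomain) [203.0.113.10] P=smtp S=2734 for u@example.org
2007-06-22 19:21:24 1I1moQ-0006qx-BY <= b@example.net H=mail.example.net (mail.example.net) [198.51.100.7] P=esmtp S=4048 for u@example.org
2007-06-22 19:25:00 1I1mzz-0006zz-AA <= root@host.example.org H=(localhost.localdomain) [127.0.0.1] P=smtp S=900 for u@example.org
2007-06-22 22:13:31 H=(localhost.localdomain) [203.0.113.10] rejected EHLO or HELO localhost.localdomain: Bad HELO: localhost reference in localhost.localdomain
2007-06-22 22:14:02 1I1n00-0007aa-BB <= c@example.net H=(LOCALHOST.localdomain) [192.0.2.44] P=smtp S=2100 for u@example.org
"""

# Exim logs "H=(helo) [ip]" or, with a verified reverse name, "H=name (helo) [ip]".
HOST_RE = re.compile(r"\bH=(?:\S+ )?\((?P<helo>[^)]*)\) \[(?P<ip>[0-9A-Fa-f:.]+)\]")
# Same test as the ACL condition: anchored, literal dot, case-sensitive.
HELO_RE = re.compile(r"^localhost\.localdomain$")


def audit(log_text, helo_re=HELO_RE):
    """Return (accepted, rejected, loopback) Counters keyed by source IP."""
    accepted, rejected, loopback = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = HOST_RE.search(line)
        if not m or not helo_re.search(m["helo"]):
            continue
        ip = m["ip"]
        try:
            is_local = ipaddress.ip_address(ip).is_loopback
        except ValueError:
            continue  # malformed address field, skip the line
        if is_local:
            loopback[ip] += 1      # local software the rule would also hit
        elif " <= " in line:
            accepted[ip] += 1      # mail that got in with this HELO
        elif " rejected EHLO or HELO " in line:
            rejected[ip] += 1      # connections the rule already stopped
    return accepted, rejected, loopback


if __name__ == "__main__":
    for label, counts in zip(("accepted", "rejected", "loopback"), audit(SAMPLE_LOG)):
        print(label, dict(counts))
```

A non-empty loopback bucket means local software on the server uses this HELO name, so check it before the rule goes live.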