How to get Cpanel/Exim to reject email from bogus invalid hostnames?

One user is getting spam from a distributed sender, from hundreds of different IPs, but the HELO hostnames are invalid. Here is one example...

------ In /var/log/exim_main.log one line...

Code:

2014-02-09 05:30:25 1WCSab-0003Fp-E0 <= spamtitle @ domain.com H=(0023f2f2.domain.com) [198.20.98.91]:39483 P=esmtp S=11354 id=741152355880742221
60109 @ q4j3frgw9.domain.com T="Need Financing?" for XXX@YYYY

------ Then I check if the hostname is good, but it's not...
2014-02-09 05:30:25 1WCSab-0003Fp-E0 <= spamtitle @ domain.com H=(0023f2f2.domain.com) [198.20.98.91]:39483 P=esmtp S=11354 id=741152355880742221
60109@q4j3frgw9.domain.com T="Need spam?" for XXX@YYYY

------ Then I check if the hostname is good, but it's not...

# dig -x 0023f2f2.domain.com

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> -x 0023f2f2.domain.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18758
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;com.domain.0023f2f2.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
in-addr.arpa. 3192 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2014012551 1800 900 604800 3600

;; Query time: 20 msec
;; SERVER: A.B.C.D#53(A.B.C.D)
;; WHEN: Wed Feb 12 14:46:00 2014
;; MSG SIZE rcvd: 117

#

------- How can I configure Cpanel/Exim to reject email coming from bogus invalid hostnames? I thought the default was to do this. Perhaps my mailserver is misconfigured, but I cannot find the specific option in "Mailserver configuration, Basic or Advanced" to do this.

I see Sender Verification Callouts, which are a different thing and do cause some problems, so we have disabled on purpose. I also have both RBLs on, but they're not filtering this particular spammer out.

Your help is greatly appreciated!

Thanks!

ER

 

Had the two options ON...
"Require HELO before MAIL" ON
"Require RFC-compliant HELO" ON

Enabled "Sender Verification Callouts". Was off. Now ON.

I'm trying to remember the exact situation that pushed us to disable "Sender Verification Callouts". Let me try this again.

Thanks a lot for your help!

ER

 

Thanks for the hint on the negative side-effect of enabling "Sender Verification".

In /etc/exim.conf ... another thing I had to try was to uncomment

#host_lookup = 0.0.0.0/0

To get exim to check the incoming IP has a reverse-dns-lookup value.

Thanks!

ER

 

Some email addresses are hooks or triggers of RBLs, so yes, there is a chance "full mailboxes" and "sender verification callouts" can have the server RBL-blocked. I did enable "sender verification callouts" though, opted to run take the risk. Something being unfair doesn't prevent it from happening, unfortunately. Probably the risk of getting blacklisted is higher if the antispam is less astringent, less strict and bounces and passes through more spam. THANKS! ER