cPanel & WHM Community Forums

New Exim Configs: Do We Need These Old ACLs?

Discussion in 'E-mail Discussions' started by chae, Dec 21, 2007.

  1. chae (Well-Known Member, joined Apr 19, 2003, Auckland, New Zealand)

    With Exim's config being updated on a daily basis, we've been updating servers with some custom ACLs that have been added over the last year (thanks to those forum members for posting).

    Do we really need to use those older ACLs now? For example, we are continually adding these every time the config is updated by Exim/WHM...

    #!!# Custom Additions

    # Local parts containing @ % ! / | or starting with a dot (^\\. expands to ^\.)
    deny local_parts = ^.*[@%!/|] : ^\\.
    message = I've never seen @, %, !, / or | in an e-mail. Neither should you!

    # Null-sender (bounce) messages may only have one recipient
    deny message = Only one recipient accepted for NULL sender
    senders = :
    condition = ${if >{$rcpt_count}{1}{1}}

    deny message = HELO/EHLO with my ip address. You are not me.
    log_message = HELO/EHLO my.ip
    condition = ${if eq{$sender_helo_name}{$interface_address}{yes}{no}}

    deny message = Polite hosts say HELO first. Please see RFC 2821 section 4.1.1.1
    log_message = Bad HELO: Empty HELO
    condition = ${if eq{$sender_helo_name}{}}

    deny message = RFC 1918 IP address in HELO.
    log_message = RFC 1918 IP address
    !hosts = +relay_hosts
    !authenticated = *
    condition = ${if match {$sender_helo_name}{\N^(\[)?(10\.[0-9]{1,3}|172\.(1[6-9]|2[0-9]|31)|192\.168)\.[0-9]{1,3}\.[0-9]{1,3}(\])?$\N}{yes}{no}}

    deny message = Forged HELO: you are not $sender_helo_name our local domain and you are not allowed to use as per RFC standards.
    log_message = Forged HELO as local domain
    !hosts = +relay_hosts
    !authenticated = *
    condition = ${if match_domain{$sender_helo_name}{+local_domains}{yes}{no}}

    deny message = Hacked HELO: you are not $sender_helo_name
    log_message = Hacked HELO
    !hosts = +relay_hosts
    !authenticated = *
    condition = ${if match {$sender_helo_name}{\N^[A-Z0-9]+\.[a-z]+$\N}{yes}{no}}
    condition = ${if match {$sender_helo_name}{\N^[0-9]+\.[a-z]+$\N}{no}{yes}}

    deny message = $sender_helo_name is a silly HELO
    log_message = Silly HELO
    !hosts = +relay_hosts
    !authenticated = *
    condition = ${if match {$sender_helo_name}{\N^(127\.0\.0\.1|localhost(\.localdomain)?)$\N}{yes}{no}}

    deny message = Underscores are not allowed in hostnames
    log_message = Underscore in hostname
    !hosts = +relay_hosts
    !authenticated = *
    condition = ${if match {$sender_helo_name}{\N.*_.*\N}{yes}{no}}

    deny message = Hacked HELO: you are not $sender_helo_name
    log_message = Hacked HELO: constructed by viruses (random)
    !hosts = +relay_hosts
    !authenticated = *
    condition = ${if match {$sender_helo_name}{smtp}{no}{yes}}
    condition = ${if match {$sender_helo_name}{\N^[a-z0-9]+\.[a-z]+$\N}}
    condition = ${if match {$sender_helo_name}{\N.*[bcdfghjklmnpqrstvwxz]{7,}.*\.[a-z]+$\N}}

    deny message = Faked Yahoo.com address, so you must be spam.
    senders = *@yahoo.com:*@yahoo.es:*@yahoo.com.ar:*@yahoo.com.br:*@yahoo.it:*@yahoo.co.uk:*@yahoo.ca:*@yahoo.fr
    condition = ${if match {$sender_host_name}{\Nyahoo.com$\N}{no}{yes}}

    deny message = Faked Hotmail.com address, so you must be spam.
    senders = *@hotmail.com
    condition = ${if match {$sender_host_name}{\Nhotmail.com$\N}{no}{yes}}

    deny message = Faked MSN.com address, so you must be spam.
    senders = *@msn.com
    condition = ${if match {$sender_host_name}{\N(hotmail|msn).com$\N}{no}{yes}}

    deny message = Faked AOL.com address, so you must be spam.
    senders = *@aol.com
    condition = ${if match {$sender_host_name}{\Naol.com$\N}{no}{yes}}

    deny message = Faked Gmail.com address, so you must be spam.
    senders = *@gmail.com
    condition = ${if match {$sender_host_name}{\N(google|gmail).com$\N}{no}{yes}}

    deny message = Faked Mail.ru address, so you must be spam.
    senders = *@mail.ru
    condition = ${if match {$sender_host_name}{\Nmail.ru$\N}{no}{yes}}

    deny message = Faked Fibertel.com.ar address, so you must be spam.
    senders = *@fibertel.com.ar
    condition = ${if match {$sender_host_name}{\Nfibertel.com.ar$\N}{no}{yes}}

    deny message = Faked Ciudad.com.ar address, so you must be spam.
    senders = *@ciudad.com.ar
    condition = ${if match {$sender_host_name}{\N(ciudad|prima).com.ar$\N}{no}{yes}}

    deny message = Faked Argentina.com address, so you must be spam.
    senders = *@argentina.com
    condition = ${if match {$sender_host_name}{\Nargentina.com$\N}{no}{yes}}

    deny message = Faked Excite.com address, so you must be spam.
    senders = *@excite.com
    condition = ${if match {$sender_host_name}{\Nexcite.com$\N}{no}{yes}}

    deny message = Faked Mixmail.com address, so you must be spam.
    senders = *@mixmail.com
    condition = ${if match {$sender_host_name}{\Nmixmail.com$\N}{no}{yes}}

    deny message = Faked Latinmail.com address, so you must be spam.
    senders = *@latinmail.com
    condition = ${if match {$sender_host_name}{\Nlatinmail.com$\N}{no}{yes}}

    deny message = Faked Arnet.com.ar address, so you must be spam.
    senders = *@arnet.com.ar
    condition = ${if match {$sender_host_name}{\Narnet.com.ar$\N}{no}{yes}}

    deny message = Faked Microsoft.com address, so you must be spam.
    senders = *@microsoft.com
    condition = ${if match {$sender_host_name}{\Nmicrosoft.com$\N}{no}{yes}}

    deny message = Faked Wanadoo.com address, so you must be spam.
    senders = *@wanadoo.com
    condition = ${if match {$sender_host_name}{\Nwanadoo.com$\N}{no}{yes}}

    deny message = Faked Mail.com address, so you must be spam.
    senders = *@mail.com
    condition = ${if match {$sender_host_name}{\N(mail|outblaze).com$\N}{no}{yes}}

    deny message = Faked Hotpop.com address, so you must be spam.
    senders = *@hotpop.com
    condition = ${if match {$sender_host_name}{\Nhotpop.com$\N}{no}{yes}}

    deny message = Faked Mac.com address, so you must be spam.
    senders = *@mac.com
    condition = ${if match {$sender_host_name}{\Nmac.com$\N}{no}{yes}}

    deny message = Faked Net.il address, so you must be spam.
    senders = *@net.il
    condition = ${if match {$sender_host_name}{\Nnet.il$\N}{no}{yes}}

    deny message = Faked Walla.com address, so you must be spam.
    senders = *@walla.com
    condition = ${if match {$sender_host_name}{\Nwalla.com$\N}{no}{yes}}

    deny message = Faked Topmail.com.ar address, so you must be spam.
    senders = *@topmail.com.ar
    condition = ${if match {$sender_host_name}{\Ntopmail.com.ar$\N}{no}{yes}}

    deny message = Faked Tutopia.com address, so you must be spam.
    senders = *@tutopia.com
    condition = ${if match {$sender_host_name}{\Ntutopia.com$\N}{no}{yes}}

    deny message = Faked Uyuyuy.com address, so you must be spam.
    senders = *@uyuyuy.com
    condition = ${if match {$sender_host_name}{\Nuyuyuy.com$\N}{no}{yes}}

    # RBL lists

    # No trailing backslash after the last list entry: a continuation there would
    # swallow the following !hosts line into the dnslists value.
    drop dnslists = list.dsbl.org : \
                    block.rhs.mailpolice.com
    !hosts = +relay_hosts
    !authenticated = *
    message = your mail server $sender_host_address is in a black list \
    at $dnslist_domain ($dnslist_text)

    #!!# End Custom Additions

    and at the bottom we have...

    #!!# Custom Addition - clamav ACL, reject virus infected mails with proper error

    deny message = This message contains malformed MIME ($demime_reason)
    demime = *
    condition = ${if >{$demime_errorlevel}{2}{1}{0}}

    deny message = Potential executable content. If you meant to send this file \
    then please package it up as a zip file and resend it.
    demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:lnk:mdb:mde:msc:msi:msp:pcd:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc

    ##### end clamav ACL

    # Add X-Scanned Header
    warn message = X-Antivirus-Scanned: Clean but you should still have anti-virus software

    #deny condition = ${if !def:h_Message-ID: {1}}
    #message = Message SHOULD have Message-ID: but does not

    # Same test as the malformed-MIME check above; demime only sets $demime_reason
    deny message = Serious MIME defect detected ($demime_reason)
    log_message = Broken MIME ($demime_reason)
    demime = *
    condition = ${if >{$demime_errorlevel}{2}{1}{0}}

    ### deny message = Hiding of file extensions is not allowed!
    ### log_message = Dangerous extension (CLSID hidden)

    #!!# End Custom Additions

    Thanks in advance
     
  2. 4u123 (Well-Known Member, PartnerNOC, joined Jan 2, 2006)

    I'd like to know also. I don't see any HELO checking in the cPanel ACL, so I presume we should still add our own?
     
  3. 4u123 (Well-Known Member, PartnerNOC, joined Jan 2, 2006)

    Could anyone tell me where in the ACL section I would add some HELO checks? I don't want to put them in the wrong place.
     
  4. RickG (Well-Known Member, joined Feb 28, 2005, North Carolina)

    WHM >> Service Configuration >> Exim Configuration Editor

    Click on Advanced Editor. Scroll down to the 3rd box. Look for the following text:

    #!!# ACL that is used after the RCPT command
    check_recipient:
    # Exim 3 had no checking on -bs messages, so for compatibility
    # we accept if the source is local SMTP (i.e. not over TCP/IP).
    # We do this by testing for an empty sending host field.

    [% ACL_RATELIMIT_BLOCK %]

    accept hosts = :

    Paste in HELO checks here (under "accept hosts = :")
     
  5. 4u123 (Well-Known Member, PartnerNOC, joined Jan 2, 2006)

    Great, thanks.
     
  6. fenixer (Well-Known Member, joined Feb 23, 2007)

    Hello... just to notify:

    HELO checks just disable receiving redirected emails....

    For example, someone at a 3rd-party server configures a redirection from domain.xxx to mydomain.xxx (mydomain.xxx is hosted by me). The redirect is legitimate.

    Now some legitimate hotmail.com address sends an email to domain.xxx, which obviously is redirected to my server, to mydomain.xxx....... well, my server refuses this email because the hostname redirecting the email is not hotmail.com, so it would be a Faked HELO error.

    It is tested.... redirections would be refused instead of being treated as legitimate, so it is not a good idea, although I like it very much.
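
The rules from chae's post and the forwarding case fenixer describes, modelled as an added example (Python, not code from the thread, from cPanel or from Exim). Each deny rule becomes a predicate over a constructed SMTP session whose fields mirror Exim's $sender_* expansion variables, and evaluate() applies them with Exim's first-match semantics. The +local_domains and +relay_hosts contents, the KNOWN_FORWARDERS hostlist and all addresses and host names are assumptions made up for the example; the rule that exempts listed forwarders is only a mitigation in the thread's own `!hosts = ...` style, not a fix for forwarders you have not listed.

```python
"""Model of the Exim ACL rules quoted in this thread, evaluated in Python.

Added example, not code from the thread, cPanel or Exim.  Each deny rule from
chae's post becomes a predicate over a Session whose fields mirror Exim's
$sender_* expansion variables; evaluate() applies them in order with Exim's
first-match semantics.  The host lists below are assumptions standing in for
the +local_domains / +relay_hosts lists and for a hypothetical forwarder list.
"""
import re
from dataclasses import dataclass

LOCAL_DOMAINS = {"mydomain.xxx"}        # assumed contents of +local_domains
RELAY_HOSTS = {"10.0.0.20"}             # assumed contents of +relay_hosts
KNOWN_FORWARDERS = {"mx.domain.xxx"}    # hypothetical hostlist for the hardened rule


@dataclass
class Session:
    sender_host_address: str   # IP of the connecting host
    sender_host_name: str      # its reverse DNS name, "" if none
    sender_helo_name: str      # argument of HELO/EHLO
    sender_address: str        # envelope sender (MAIL FROM)
    interface_address: str = "203.0.113.10"
    authenticated: bool = False


# Regexes copied from the post's \N...\N conditions
RFC1918 = re.compile(r"^(\[)?(10\.[0-9]{1,3}|172\.(1[6-9]|2[0-9]|31)|192\.168)\.[0-9]{1,3}\.[0-9]{1,3}(\])?$")
SILLY = re.compile(r"^(127\.0\.0\.1|localhost(\.localdomain)?)$")


def exempt(s):
    """'!hosts = +relay_hosts' plus '!authenticated = *': the rule is skipped if either matches."""
    return s.sender_host_address in RELAY_HOSTS or s.authenticated


def sender_domain(s):
    return s.sender_address.rpartition("@")[2].lower()


# (message, applies even to exempt hosts, predicate), in the post's order
HELO_RULES = [
    ("Polite hosts say HELO first.", True, lambda s: s.sender_helo_name == ""),
    ("HELO/EHLO with my ip address. You are not me.", True,
     lambda s: s.sender_helo_name == s.interface_address),
    ("RFC 1918 IP address in HELO.", False, lambda s: bool(RFC1918.match(s.sender_helo_name))),
    ("Forged HELO as local domain", False, lambda s: s.sender_helo_name.lower() in LOCAL_DOMAINS),
    ("Silly HELO", False, lambda s: bool(SILLY.match(s.sender_helo_name))),
    ("Underscore in hostname", False, lambda s: "_" in s.sender_helo_name),
]

FAKED_HOTMAIL_MSG = "Faked Hotmail.com address, so you must be spam."


def faked_hotmail(s):
    """The post's rule: MAIL FROM is @hotmail.com but the connecting host's rDNS is not under hotmail.com."""
    return sender_domain(s) == "hotmail.com" and not s.sender_host_name.lower().endswith("hotmail.com")


def faked_hotmail_hardened(s):
    """Same test, skipped for hosts in KNOWN_FORWARDERS (hypothetical list); this is the thread's
    own '!hosts = ...' exemption pattern, so forwarders you have not listed are still rejected."""
    return s.sender_host_name.lower() not in KNOWN_FORWARDERS and faked_hotmail(s)


def evaluate(s, hardened=False):
    """Return the deny message of the first matching rule, or None when the mail is accepted."""
    rules = HELO_RULES + [(FAKED_HOTMAIL_MSG, False, faked_hotmail_hardened if hardened else faked_hotmail)]
    for message, always, pred in rules:
        if (always or not exempt(s)) and pred(s):
            return message
    return None


# Constructed sessions (TEST-NET addresses, invented host names)
BOT = Session("198.51.100.7", "", "192.168.1.5", "x@example.org")
HOTMAIL_MX = Session("203.0.113.40", "mx1.hotmail.com", "mx1.hotmail.com", "friend@hotmail.com")
FORWARDED = Session("192.0.2.25", "mx.domain.xxx", "mx.domain.xxx", "friend@hotmail.com")
AUTH_USER = Session("198.51.100.9", "", "localhost", "me@mydomain.xxx", authenticated=True)

if __name__ == "__main__":
    for name, s in [("bot", BOT), ("hotmail MX", HOTMAIL_MX), ("forwarder", FORWARDED), ("auth user", AUTH_USER)]:
        print(f"{name:10s} -> {evaluate(s)!r}   hardened -> {evaluate(s, hardened=True)!r}")
```

The FORWARDED session is fenixer's scenario: the mail passes every HELO rule, and it is the "Faked Hotmail.com address" rule, which compares the envelope sender domain with the connecting host's reverse DNS, that rejects it, because the forwarder's rDNS is mx.domain.xxx. The AUTH_USER session shows why the `!authenticated = *` lines matter: a mail client sending HELO localhost over an authenticated session would otherwise hit the "Silly HELO" rule.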
     