rimas-kudelis
commented
8 years ago Won't this fail miserably if the HELO identifier is not numeric, just like you reported in #138?
Closed Udera closed 8 years ago
rimas-kudelis
commented
8 years ago Won't this fail miserably if the HELO identifier is not numeric, just like you reported in #138?
Udera
commented
8 years ago yes, that's not working either
Udera
commented
8 years ago I changed the HELO-ACLs to check these conditions:
I didn't add further checks like:
134-24-233-13.dynamic-range.example because this could block legitimate users, dynamic-ips are as well checked by spamassassin)However, we could keep some more rules in that are commented by default.
Udera
commented
8 years ago Seems to work as it should:
2016-07-21 14:29:05 H=(192.168.0.91) [203.171.31.60] rejected EHLO or HELO 192.168.0.91: Access denied - Invalid HELO name (See RFC2821 4.1.3)
2016-07-21 14:39:50 H=(113.162.6.35) [113.162.6.35] rejected EHLO or HELO 113.162.6.35: Access denied - Invalid HELO name (See RFC2821 4.1.3)
2016-07-21 16:39:33 H=(144.76.86.27) [80.78.76.185] rejected EHLO or HELO 144.76.86.27: Access denied - Invalid HELO name (See RFC2821 4.1.3)
2016-07-21 17:51:24 H=rrcs-69-75-209-180.west.biz.rr.com (192.168.0.91) [69.75.209.180] rejected EHLO or HELO 192.168.0.91: Access denied - Invalid HELO name (See RFC2821 4.1.3)The last line is a bit confusing at first. The sender actually used 192.168.0.91 and because I use rDNS, exim4 automatically resolved the hostname associated to 69.75.209.180 (real sender_ip).
In contrast a normal mail with properly configured hostname and DNS entry looks like:
2016-07-21 20:51:01 1bQKvq-00015q-Fz <= redacted@hotmail.fr H=bay004-omc2s20.hotmail.com [65.54.190.95] P=esmtps X=TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256 S= 11033 id=VI1PR04@VI1PR04MB1458.abc.outlook.com We are not changing the default behavior, this PR seems to be working....
Fixing https://github.com/vexim/vexim2/issues/138