SpamBlocker-Powered exim.conf, Version 4

Jeff,

I've never gotten stats from logs on how much SPAM is stopped according to this check. So if it's working then we might need to keep it. And I've never run into any issue with it. So this is the first case (reported by DutchTSE) known to me.
 
[root@xxx exim]# cat mainlog-20140706 | grep impersonating | wc -l
2533

All were sent to the same domain, but all from different IP addresses (I have replaced the actual domain with domain.nl):
2014-07-05 16:59:20 H=(domain.nl) [117.220.241.121] rejected EHLO or HELO domain.nl: Bad HELO - Host impersonating domain name [domain.nl]
2014-07-05 17:01:42 H=(domain.nl) [81.16.15.106] rejected EHLO or HELO domain.nl: Bad HELO - Host impersonating domain name [domain.nl]
2014-07-05 17:03:03 H=130-204-45-114.2073762043.ddns.cablebg.net (domain.nl) [130.204.45.114] rejected EHLO or HELO domain.nl: Bad HELO - Host impersonating domain name [domain.nl]
2014-07-05 17:05:07 H=(domain.nl) [213.111.146.216] rejected EHLO or HELO domain.nl: Bad HELO - Host impersonating domain name [domain.nl]
2014-07-05 17:05:53 H=(domain.nl) [91.200.138.241] rejected EHLO or HELO domain.nl: Bad HELO - Host impersonating domain name [domain.nl]
2014-07-05 17:07:10 H=(domain.nl) [31.170.150.67] rejected EHLO or HELO domain.nl: Bad HELO - Host impersonating domain name [domain.nl]
2014-07-05 17:09:25 H=(domain.nl) [95.67.189.182] rejected EHLO or HELO domain.nl: Bad HELO - Host impersonating domain name [domain.nl]
 
Looks like eq makes sense for the $sender_helo_name vs $smtp_active_hostname check, I'll update the 4.3.x version in a moment.

Side note: I'd use 4.3.x over 4.2.x, as 4.3.x has been getting updates. Some are for the ESF and BC, but those are optional, and not needed.
The changes to 4.3.x SpamBlocker itself are still beneficial, even without the ESF/BC being installed.
The "acl_script" ACL added in 4.3.x is a very handy feature, allowing command-line blocking if an account is at limit (prevents the emails from getting into the queue at all).
Then there's the /etc/virtual/blacklist_usernames feature, which is handy if you need to quickly block a User account, without yet knowing how they're sending spam (blocks everything for that User).

John
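
One way to get per-domain statistics for the "Host impersonating domain name" check out of mainlog, as an added example that is not part of the original thread or of SpamBlocker. The regular expression is built from the rejection lines quoted above; the function name and the sample log lines are constructed for illustration.

```python
import re
import sys
from collections import defaultdict

# Pattern built from the rejection lines quoted in the thread:
#   <date> <time> H=[rdns ](helo) [ip] rejected EHLO or HELO <helo>: Bad HELO - ...
REJECT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"H=(?:\S+ )?\([^)]*\) \[(?P<ip>[0-9A-Fa-f.:]+)\] "
    r"rejected EHLO or HELO \S+: "
    r"Bad HELO - Host impersonating domain name \[(?P<domain>[^\]]+)\]"
)

# Constructed sample lines (documentation IP ranges, made-up domains).
SAMPLE_LOG = [
    "2014-07-05 16:59:20 H=(example.nl) [192.0.2.10] rejected EHLO or HELO example.nl: Bad HELO - Host impersonating domain name [example.nl]",
    "2014-07-05 17:01:42 H=(example.nl) [198.51.100.7] rejected EHLO or HELO example.nl: Bad HELO - Host impersonating domain name [example.nl]",
    "2014-07-05 17:03:03 H=host.isp.example (example.nl) [203.0.113.45] rejected EHLO or HELO example.nl: Bad HELO - Host impersonating domain name [example.nl]",
    "2014-07-05 17:04:10 H=(shop.example) [192.0.2.99] rejected EHLO or HELO shop.example: Bad HELO - Host impersonating domain name [shop.example]",
    "2014-07-05 17:06:31 H=(shop.example) [192.0.2.99] rejected EHLO or HELO shop.example: Bad HELO - Host impersonating domain name [shop.example]",
    "2014-07-05 17:07:00 1X3abc-0001Ab-2C <= user@example.nl H=(client) [192.0.2.50] P=esmtpa S=1234",
]

def summarize(lines):
    """Return [(domain, rejects, distinct_ips, first_seen, last_seen)], busiest first."""
    stats = defaultdict(lambda: {"n": 0, "ips": set(), "first": None, "last": None})
    for line in lines:
        m = REJECT_RE.match(line)
        if m is None:  # not a "Host impersonating" rejection
            continue
        s = stats[m["domain"].lower()]
        s["n"] += 1
        s["ips"].add(m["ip"])
        s["first"] = s["first"] or m["ts"]  # log is chronological
        s["last"] = m["ts"]
    ranked = sorted(stats.items(), key=lambda kv: -kv[1]["n"])
    return [(d, s["n"], len(s["ips"]), s["first"], s["last"]) for d, s in ranked]

if __name__ == "__main__":
    # With a path argument, read that mainlog; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            rows = summarize(fh)
    else:
        rows = summarize(SAMPLE_LOG)
    for domain, n, ips, first, last in rows:
        print(f"{domain:<20} rejects={n:<6} distinct_ips={ips:<6} {first} .. {last}")
```

The distinct_ips column shows whether the rejections for a given name come from one host or from many different addresses.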
 
Is it possible to disable recipient callout verification for specific domains?
After upgrading to CB2 and Spamblocker 4, I have a problem with some users sending out legitimate periodic emails to their customers, which take a few hours to send because the server verifies every single one of the hundreds of recipients before completing the SMTP transaction.
 