Tracks the unique HELO/EHLO names used per IP in a hints database. The data can then be used in ACLs to deny access to hosts that show common spam zombie behaviour.
ALL HELO names are tracked in the same way, even completely invalid ones and those rejected by the ACL. The data is available from before the CONNECT ACL is run, and updated each time before the HELO ACL is run.
helo_cache | Use: main | Type: boolean | Default: false |
Enables or disables caching of HELO or EHLO names used per IP, making the data available using ${helocache...}.
helo_cache_max | Use: main | Type: integer | Default: 4 |
Sets the maximum number of HELO or EHLO names to cache per IP.
helo_cache_time | Use: main | Type: time | Default: 1d |
Sets the maximum time any specific HELO or EHLO name is cached per IP.
Note that whole records older than this are not automatically removed.
${helocache{<mode>}{<string>}}
This function provides access to the HELO/EHLO cache data.
Conveniently these hosts don't continue to send the email (which is possible despite the 4xx reply to the HELO), so there is no danger of rejecting mail from real hosts because of a DROP verb.
    # Enable or disable HELO caching (default: false)
    helo_cache = true

    # Maximum number of unique names to cache (default: 4)
    helo_cache_max = 4

    # Expiry time of individual HELO names and whole records (default: 1d)
    helo_cache_time = 1d
    drop
      condition   = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}}
      condition   = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}}
      log_message = invalid_hosthelo
      message     = Access denied - Invalid HELO name (See RFC2821 4.1.1.1)

    defer
      # Store the count so it doesn't have to be repeatedly calculated,
      # and so it won't suddenly change later in the ACL (e.g. if an entry
      # was going to expire 1s from now)
      set acl_m1  = ${helocache{count}{5m}}
      condition   = ${if >{$acl_m1}{1}{yes}{no}}
      log_message = changing_helo/$acl_m1
      message     = Access denied - Too many different HELO names ($acl_m1 in the last five minutes)
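The bookkeeping and the two ACL statements above, modelled in Python as an added example (not the patch's code) for trying thresholds against sample traffic. Evicting the least recently seen name once helo_cache_max is reached, refreshing a name's timestamp on reuse, and exact-string comparison of names are assumptions about the patch's behaviour; the addresses and names are constructed.

```python
from collections import defaultdict

class HeloCache:
    """Model of the per-IP cache of unique HELO/EHLO names (assumed semantics)."""
    def __init__(self, max_names=4, max_age=86400):
        self.max_names = max_names        # helo_cache_max
        self.max_age = max_age            # helo_cache_time, in seconds
        self.records = defaultdict(dict)  # ip -> {name: last_seen}

    def record(self, ip, name, now):
        """Runs before the HELO ACL: every name is stored, valid or not."""
        names = self.records[ip]
        # Assumption: names older than helo_cache_time are dropped on update.
        for old in [n for n, t in names.items() if now - t > self.max_age]:
            del names[old]
        names[name] = now                 # assumption: reuse refreshes the timestamp
        # Assumption: over the limit, the least recently seen name is evicted.
        while len(names) > self.max_names:
            del names[min(names, key=names.get)]

    def count(self, ip, window, now):
        """Stand-in for ${helocache{count}{<window>}}: names seen within window."""
        return sum(1 for t in self.records[ip].values() if now - t <= window)

def helo_acl(cache, ip, name, now):
    """The page's two ACL statements: returns 'drop', 'defer' or 'accept'."""
    cache.record(ip, name, now)
    if not name.startswith("[") and "." not in name:
        return "drop"                     # invalid_hosthelo
    seen = cache.count(ip, 300, now)      # computed once, like acl_m1
    return "defer" if seen > 1 else "accept"

def replay(events):
    cache = HeloCache()
    return [helo_acl(cache, ip, name, t) for t, ip, name in events]

# Constructed sample: one steady host and one host cycling through names.
EVENTS = [
    (0,   "192.0.2.10",  "mail.example.org"),
    (60,  "192.0.2.10",  "mail.example.org"),
    (100, "203.0.113.7", "pc-4821.example.net"),
    (130, "203.0.113.7", "dsl-77.example.com"),
    (140, "203.0.113.7", "localhost"),
    (500, "203.0.113.7", "host9.example.net"),
]

if __name__ == "__main__":
    print(replay(EVENTS))
```

The last event is accepted because the three earlier names from that IP fall outside the five-minute window, even though they are still held in the cache.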
The code is released under the GNU General Public License (GPL).
This patch is based loosely on Ollie Cook's version which tracks the previous HELO name.
Last modified 2008-01-26T10:12:18+00:00.
©2002-2024 Simon Arlott. All Rights Reserved.