Block SMTP connections based on HELO name

On a cPanel server you can use the Exim Configuration Manager advanced editor to add a custom HELO ACL.

Go to Service Configuration » Exim Configuration Manager

Click on Advanced Editor.

Scroll down to acl_smtp_helo and enter the following lines under the custom_begin_smtp_helo header.

drop
   condition = ${if eq {$sender_helo_name}{ylmf-pc} {yes}{no}}
   log_message = HELO/EHLO - ylmf-pc blocked
   message = ylmf-pc blocked

Enter the following line under custom_end_smtp_helo

accept

Note: If you do not enter this, ALL mail will be rejected, because an Exim ACL that reaches its end without a matching statement denies by default.

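You can also specify multiple conditions. The following ACL denies any client whose HELO name claims to be this server's own hostname or IP address (example.com and 1.2.3.4 here), unless the connection comes from a host in the own_hosts list. It lowercases the name with ${lc:...} before comparing, so the match is case-insensitive; the plain eq test in the ylmf-pc rule above is case-sensitive.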

acl_check_helo:
        accept  hosts = +own_hosts

        # If the HELO name pretends to be this host
        deny    condition = ${if or { \
                                {eq {${lc:$sender_helo_name}}{example.com}} \
                                {eq {${lc:$sender_helo_name}}{1.2.3.4}} \
                            } {true}{false} }

        # By default we accept
        accept

Testing

You can test the ACL by connecting to the server with telnet. A session that sends the HELO name "ylmf-pc" should be rejected with a 550 response and disconnected.

[wattersm@wattersm.liquidweb.com] ~ >> telnet 1.2.3.4 25
Trying 1.2.3.4...
Connected to 1.2.3.4.
Escape character is '^]'.
220-host2.example.com ESMTP Exim 4.84 #2 Tue, 17 Feb 2015 10:53:11 -0500 
220-We do not authorize the use of this system to transport unsolicited, 
220 and/or bulk e-mail.
helo ylmf-pc

550 ylmf-pc blocked
Connection closed by foreign host.
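
To confirm from the server side that the rule is firing, you can search the Exim main log for the log_message set in the drop rule and count hits per source IP. The script below is an added example, not part of the original wiki page; the log line layout is an assumption based on Exim's usual "rejected EHLO or HELO" entries, and the sample lines and function names are constructed for illustration.

```python
import re

# log_message taken from the drop rule on this page
LOG_MESSAGE = "HELO/EHLO - ylmf-pc blocked"

# Assumed layout of an Exim main-log HELO rejection:
#   <date> <time> H=[rdns ](helo) [ip][:port] rejected EHLO or HELO <name>: <log_message>
REJECT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"H=(?:\S+ )?\((?P<helo>[^)]*)\) "
    r"\[(?P<ip>[^\]]+)\](?::\d+)? "
    r"rejected EHLO or HELO \S*: (?P<reason>.*)$"
)

# Constructed sample lines (documentation addresses), not from a real server.
SAMPLE_LOG = """\
2015-02-17 10:53:20 H=(ylmf-pc) [203.0.113.5]:51234 rejected EHLO or HELO ylmf-pc: HELO/EHLO - ylmf-pc blocked
2015-02-17 10:53:41 H=(ylmf-pc) [203.0.113.5]:51240 rejected EHLO or HELO ylmf-pc: HELO/EHLO - ylmf-pc blocked
2015-02-17 10:54:02 H=pool.example.net (ylmf-pc) [198.51.100.7] rejected EHLO or HELO ylmf-pc: HELO/EHLO - ylmf-pc blocked
2015-02-17 10:55:10 H=(mail.example.org) [192.0.2.10]:40022 rejected RCPT <a@example.com>: relay not permitted
2015-02-17 10:56:00 1YNkAB-0001aB-Cd <= user@example.org H=(ylmf-pc.example.org) [192.0.2.44] P=esmtp S=1234
"""


def helo_block_hits(log_text, log_message=LOG_MESSAGE):
    """Map source IP -> {'count', 'first', 'last'} for HELO rejections with log_message."""
    hits = {}
    for line in log_text.splitlines():
        m = REJECT_RE.match(line.strip())
        if not m or m.group("reason") != log_message:
            continue  # other rejections and accepted mail are ignored
        rec = hits.setdefault(m.group("ip"), {"count": 0, "first": m.group("ts")})
        rec["count"] += 1
        rec["last"] = m.group("ts")
    return hits


def repeat_offenders(hits, threshold=2):
    """IPs that triggered the rule at least `threshold` times, busiest first."""
    return sorted((ip for ip, r in hits.items() if r["count"] >= threshold),
                  key=lambda ip: -hits[ip]["count"])


if __name__ == "__main__":
    for ip, rec in helo_block_hits(SAMPLE_LOG).items():
        print(ip, rec["count"], rec["first"], rec["last"])
```

To run it against a real server, pass the contents of the Exim main log to helo_block_hits instead of SAMPLE_LOG.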