# deny, if foreign, unauthenticated connection claims to come from a local domain deny message = Sender claims to have a local address, but is not authenticated nor relayed (try using SMTP-AUTH!) log_message = Forged Sender address (claims to be local user [${sender_address}], but isn't authenticated) !hosts = +relay_from_hosts !authenticated = * condition = ${if match_domain{$sender_address_domain}{+local_domains}} # # Warnings for invalid HELO. warn message = X-Invalid-HELO: HELO is IP only (See RFC2821 4.1.3) log_message = HELO ($sender_helo_name) is IP only (See RFC2821 4.1.3) condition = ${if isip{$sender_helo_name}} warn message = X-Invalid-HELO: HELO is no FQDN (contains no dot) (See RFC2821 4.1.1.1) log_message = HELO ($sender_helo_name) is no FQDN (contains no dot) (See RFC2821 4.1.1.1) # Required because "[IPv6:
]" will have no .s condition = ${if match{$sender_helo_name}{\N^\[\N}{no}{yes}} condition = ${if match{$sender_helo_name}{\N\.\N}{no}{yes}} warn message = X-Invalid-HELO: HELO is no FQDN (ends in dot) (See RFC2821 4.1.1.1) log_message = HELO ($sender_helo_name) is no FQDN (ends in dot) (See RFC2821 4.1.1.1) condition = ${if match{$sender_helo_name}{\N\.$\N}} warn message = X-Invalid-HELO: HELO is no FQDN (contains double dot) (See RFC2821 4.1.1.1) log_message = HELO ($sender_helo_name) is no FQDN (contains double dot) (See RFC2821 4.1.1.1) condition = ${if match{$sender_helo_name}{\N\.\.\N}} warn message = X-Invalid-HELO: no HELO log_message = no HELO ($sender_helo_name) condition = ${if !def:sender_helo_name} # # Do not accept messages from hosts using our IPs in HELO # deny message = X-Invalid-HELO: Forged IP in HELO: $interface_address is _my_ address log_message = HELO ($sender_helo_name) uses _my_ address ($interface_address) condition = ${if eq{[$interface_address]}{$sender_helo_name}{yes}{no}} deny message = X-Invalid-HELO: Forged IP in HELO. log_message = HELO is our IP condition = ${lookup {$sender_helo_name} \ lsearch{/etc/exim4/rejected-helo.conf} \ {yes}{no}}