PROBLEM
Spammers are abusing my machine.
ENVIRONMENT
- On-Premise Server + WebMail Installations: Version 6.0 > Current Version
CAUSE
If a spammer is abusing your server and always identifies with the same "HELO" name over SMTP, you can optionally deny all messages that match that name.
For example, a spammer might identify to your server with a fake HELO name that is the same across all of their SMTP transactions.
RESOLUTION
- Edit /usr/local/atmail/mailserver/configure
- In the ACL acl_check_rcpt:
- You can append the new rule below for the HELO check:
    deny message = HELO not allowed
         condition = ${if eq{$sender_helo_name}{spammer.com}{yes}{no}}
- Copy the rule for each domain you wish to check.
- Restart the Atmail services and the new HELO check is live.
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 nexus.local.atmail.com Welcome to the @Mail SMTP Server ( Exim )
helo spammer.com
250 nexus.local.atmail.com Hello localhost [127.0.0.1]
mail from: test@test.com
250 OK
rcpt to: test@nexus.atmail.com
550 HELO not allowed
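To decide which HELO names deserve a rule, the following added example (not part of the original article or of Atmail) tallies HELO names from Exim main-log lines and renders the rule above for the frequent ones. It assumes Exim's default log line format; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in Exim main-log style (not taken from the article).
SAMPLE_LOG = """\
2024-05-01 10:00:01 1s1AAA-0000Aa-1x <= a@test.com H=(spammer.com) [203.0.113.5] P=smtp S=2101
2024-05-01 10:00:07 1s1AAB-0000Ab-2y <= b@test.com H=(spammer.com) [203.0.113.9] P=smtp S=1988
2024-05-01 10:00:09 1s1AAC-0000Ac-3z <= c@test.com H=mail.example.org (mx.example.org) [198.51.100.7] P=esmtp S=5120
2024-05-01 10:00:15 1s1AAD-0000Ad-4w <= d@test.com H=(spammer.com) [203.0.113.5] P=smtp S=2050
2024-05-01 10:00:21 1s1AAE-0000Ae-5v <= e@test.com H=(bad}{name) [192.0.2.44] P=smtp S=900
"""

# Exim writes the HELO name in parentheses when it differs from a verified
# host name, or when no host name was verified: H=(helo) [ip]
HELO_RE = re.compile(r" H=(?:\S+ )?\((?P<helo>[^)]*)\) \[(?P<ip>[^\]]+)\]")
# Only plain hostname characters may be copied into the Exim configuration;
# braces, "$" or spaces in a HELO name would alter the string expansion.
SAFE_HELO = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,253}")

def count_helo(log_text):
    """Return a Counter of HELO name -> number of message arrival lines."""
    counts = Counter()
    for line in log_text.splitlines():
        if " <= " not in line:  # "<=" marks a message arrival in the main log
            continue
        m = HELO_RE.search(line)
        if m:
            # Case is kept as sent, because eq{}{} compares case-sensitively.
            counts[m.group("helo")] += 1
    return counts

def deny_rules(counts, threshold):
    """Render one rule per safe HELO name seen at least `threshold` times."""
    rules = []
    for helo, n in counts.most_common():
        if n < threshold or not SAFE_HELO.fullmatch(helo):
            continue
        rules.append("deny message = HELO not allowed\n"
                     "     condition = ${if eq{$sender_helo_name}{%s}{yes}{no}}" % helo)
    return rules

if __name__ == "__main__":
    counts = count_helo(SAMPLE_LOG)
    print("\n".join(deny_rules(counts, threshold=2)))
```

A frequent HELO name can also belong to a legitimate high-volume sender, so review each candidate before copying its rule into the ACL.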