From 78bc06680e73f75c9c11443c9c181a5a4e66e4f4 Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth <w.hottgenroth@krohne.com>
Date: Thu, 23 Oct 2025 13:02:58 +0200
Subject: [PATCH] updates

---
 snippets/exim4.conf | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/snippets/exim4.conf b/snippets/exim4.conf
index f9a89d3..824bcaf 100644
--- a/snippets/exim4.conf
+++ b/snippets/exim4.conf
@@ -3,19 +3,48 @@ domainlist forward_domains = mainscnt.eu
 tls_advertise_hosts = *
 
 
+acl_smtp_connect = acl_connect
+acl_smtp_helo = acl_helo
 acl_smtp_rcpt = acl_rcpt
 acl_smtp_data = acl_data
 
 begin acl
 
+acl_connect:
+  deny message = Reverse DNS required
+       !verify = reverse_host_lookup
+  accept
+
+acl_helo:
+  deny message = Invalid HELO/EHLO name
+       condition = ${if match{$sender_helo_name}{\N^(localhost|localhost\.localdomain|\[?[0-9]{1,3}(\.[0-9]{1,3}){3}\]?)$\N}{yes}{no}}
+   accept
+
 acl_rcpt:
   require verify = recipient
 
+  # SPF check
+  deny  message = Access denied
+        spf = fail
+
+  # Greylisting
+  defer message = Try again later
+        !seen = 72h / key=${sender_address}_${local_part}@${domain}
+
+  # Rate limit
+  deny  message = Access denied
+        ratelimit = 10 / 10m / strict
+
   accept condition = ${if match_domain{$domain}{+forward_domains}{yes}{no}}
 
   deny  message = Access denied
 
 acl_data:
+  warn  dkim_status = invalid
+        add_header = X-DKIM-Status: invalid
+  warn  dkim_status = pass
+        add_header = X-DKIM-Status: pass
+
   accept