[Mimedefang] example of DNS sanity-checking
Kees Cook
kees at osdl.org
Wed Aug 27 14:24:00 EDT 2003
I saw a few posts to the list asking about details on various DNS tests,
etc, and I thought I'd share what I wrote. This was originally part of a
DNS RBL server I was writing, and it fits nicely into mimedefang too. I
haven't broken it out into a separate module yet (which should be pretty
easy), but it's quite configurable as it is.
The attached mimedefang-filter was originally the base example, but I've
made a few minor tweaks to the SpamAssassin stuff too (more headers like
native SpamAssassin, bouncing high scorers, etc).
The big hash at the top of the file has a whole mess of tests for
rejecting connections (during filter_relay) based on regular expressions.
This is much nicer than sendmail's access.db stuff, I think. Also, there
is DNS spoof checking, and some basic HELO spoof testing (somewhat
inspired by the filter_relay details in the mimedefang FAQ).
I hope other people using "-r" can use this stuff! :)
--
Kees Cook
Open Souce Development Lab
kees at osdl.org
More information about the MIMEDefang
mailing list