[Mimedefang] Bouncing on invalid HELO/EHLO

Edgars Klepers mimedefanglist at eklynx.com
Thu Jun 12 13:36:01 EDT 2003


Not knowing perl that well, am I able to use a check with a /27 subnet end,
or do I have to list out each IP address?

-Edgars-

-----Original Message-----
From: mimedefang-admin at lists.roaringpenguin.com
[mailto:mimedefang-admin at lists.roaringpenguin.com] On Behalf Of Michael Sims
Sent: Thursday, June 12, 2003 10:18 AM
To: mimedefang at lists.roaringpenguin.com
Subject: RE: [Mimedefang] Bouncing on invalid HELO/EHLO


Quoting Edgars Klepers <mimedefanglist at eklynx.com>:

> I just added your code to my setup and the next message I tried to 
> send popped up the caught message in the log files.
[...]
> So it looks like when outlook sends mail through, it doesn't use the 
> FQDN. Unless there's a setting I have configured wrong that is..

I'm very sorry, I left out a fairly critical requirement for my non-FQDN
filter.  It will only work if you do not scan "internal" mail.  By internal
mail I'm referring to any trusted client that is allowed to relay mail via
the server that MD is installed on.  As you've seen, any Windows machine
using Outlook (and I assume most any other MUA) is always going to report
its NetBIOS hostname as the EHLO/HELO argument.

I think it's a good idea in general to skip the SpamAssassin check for mail
from trusted networks.  I've implemented this in my filter using a sub
called relayIsTrusted():

if (relayIsTrusted($RelayAddr)) {

  # do spam assassin stuff

}

Inside relayIsTrusted I define a group of network/subnet mask pairs that are
considered "trusted" and therefore exempt from any filtering (other than
virus checks).  I can provide full code offlist if anyone is interested.

This is fairly easy on my side because I have an external smart host which
all outgoing mail is relayed through.  Therefore my list of "trusted" relays
only consists of a couple of IP addresses.  If you're scanning on the same
mail server that your end users use to submit mail then this will probably
be a little more complicated, but it shouldn't be much more.

It has been my experience that 99% of legitimate mail relays report their
fully qualified domain name.  The ones that do not are either direct-to-MX
spammers (in which case their ratware reports their machine's NetBIOS name),
or they are windows mail servers which are maintained by ignorant admins.
Because of the second case I only add 3 points to the score.

Hope this makes things clearer...

___________________________________________
Michael Sims
Project Analyst - Information Technology
Crye-Leike Realtors
Office: (901)758-5648  Pager: (901)769-3722
___________________________________________
_______________________________________________
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
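Worked example added here to answer the /27 question and to show the relayIsTrusted() idea in full. This is not code from either poster or from MIMEDefang itself; the network list, the sample relay/HELO pairs and the relayIsTrusted/inCidr/heloScore names are assumptions made for the example, and the address-literal exemption is my own addition rather than something the thread discusses. It runs stand-alone; in a real mimedefang-filter you would call relayIsTrusted($RelayAddr) as above and take the HELO argument from MIMEDefang's $Helo global (assumed here, not mentioned in the thread).

```perl
#!/usr/bin/perl
# Added example, not code from either poster or from MIMEDefang itself.
# relayIsTrusted() takes CIDR networks (e.g. a /27) instead of a list of
# individual addresses, and heloScore() adds the thread's 3 points for a
# bare (non-FQDN) HELO/EHLO name only when the relay is NOT trusted.
use strict;
use warnings;

# Trusted relays in CIDR form. Constructed sample values (RFC 5737 test
# ranges); replace with your own smart host / client networks.
my @TrustedNets = ('127.0.0.0/8', '192.0.2.0/27', '198.51.100.42');

# Dotted quad -> 32-bit integer. Pure regex/arithmetic, so a hostname or
# garbage never triggers a DNS lookup. Returns undef on anything invalid.
sub ip2int {
    my ($ip) = @_;
    my @o = ($ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/)
        or return undef;
    return undef if grep { $_ > 255 } @o;
    return ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
}

# True if $addr lies inside "network/prefix". A bare address means /32.
sub inCidr {
    my ($addr, $cidr) = @_;
    my ($net, $bits) = split m{/}, $cidr, 2;
    $bits = 32 unless defined $bits;
    return 0 unless $bits =~ /^\d+$/ && $bits <= 32;
    my $a = ip2int($addr);
    my $n = ip2int($net);
    return 0 unless defined $a && defined $n;
    # Build the mask without ever shifting by a full 32 bits (undefined in C).
    my $mask = $bits == 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    return (($a & $mask) == ($n & $mask)) ? 1 : 0;
}

# The sub Michael describes: 1 if the relay is in any trusted network.
sub relayIsTrusted {
    my ($addr) = @_;
    foreach my $cidr (@TrustedNets) {
        return 1 if inCidr($addr, $cidr);
    }
    return 0;
}

# Points to add for the HELO/EHLO argument. Trusted relays (Outlook
# clients reporting a NetBIOS name) are exempt; an RFC 2821 address
# literal such as [203.0.113.5] is legal and also exempt (my assumption,
# not something the thread discusses); anything without a dot gets 3.
sub heloScore {
    my ($relay, $helo) = @_;
    return 0 if relayIsTrusted($relay);
    return 0 if $helo =~ /^\[\d{1,3}(?:\.\d{1,3}){3}\]$/;
    return ($helo =~ /\./) ? 0 : 3;
}

# Constructed (relay address, HELO argument) pairs for a stand-alone run.
# In a real mimedefang-filter you would use MIMEDefang's $RelayAddr and
# $Helo globals inside filter_begin() instead.
my @samples = (
    ['192.0.2.17',  'WORKSTATION01'],     # inside 192.0.2.0/27: exempt
    ['192.0.2.40',  'WORKSTATION01'],     # .32-.63 is the next /27: +3
    ['203.0.113.5', 'mail.example.net'],  # FQDN from an untrusted MTA: 0
    ['203.0.113.5', '[203.0.113.5]'],     # address literal: 0
    ['not.an.ip',   'x'],                 # bad relay string: untrusted, +3
);
foreach my $s (@samples) {
    my ($relay, $helo) = @$s;
    printf "%-14s %-18s trusted=%d score=%d\n",
        $relay, $helo, relayIsTrusted($relay), heloScore($relay, $helo);
}
```

The /27 line in @TrustedNets is the direct answer to the question: a /27 covers 32 addresses (here 192.0.2.0 through 192.0.2.31), so one entry replaces 32 individual ones, and the second sample shows that 192.0.2.40, which is in the next /27, is correctly treated as untrusted. Because ip2int refuses anything that is not a dotted quad, an unexpected $RelayAddr value fails closed (untrusted) rather than causing a hostname lookup or a warning.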