[Mimedefang] Suggestions on rejecting relays that provide syntactically-invalid arguments to HELO/EHLO

Michael Sims michaels at crye-leike.com
Fri May 23 02:24:00 EDT 2003


Quoting Jack Olszewski <jacek at hermes.net.au>:

> Not long ago I asked the list about HELOs in the form of an identifier
> without any dots. David answered he allowed those. I am curious about
> your 2-3 rare exceptions in 300-400 pieces of junk. What do they look
> like?

I almost missed them, but there were 3 exceptions (which I am now excluding 
from HELO verification).  One came from a Windows-based co-located application 
server that sends notifications to my users directly via SMTP.  This server 
reports its Windows NetBIOS name during the HELO greeting.  Another came from a 
large pharmaceutical company, and a third came from a real-estate related lead 
generation site.

I'll send you an example of one of these messages off-list...

I actually read the thread you are referring to where David said that he allows 
FQDNs.  I started thinking about it and I started to worry that some 
legitimate mail might be blocked.  The company I work for is sales oriented and 
business is based on leads.  I know that many potential customers won't 
complain if they are blocked; they'll just take their business elsewhere.

For that reason I decided to create a wrapper function around 
spam_assassin_check() called my_spam_assassin_check().  I plan to use this to 
do various tests inside MIMEDefang and then add the results to the spam 
assassin score.  This way a non-fqdn HELO argument won't be bounced; it will 
just increase the spam score of the message.  This I feel a little better about.

Here is the initial idea I had for this wrapper:

sub my_spam_assassin_check (;$) {

  # This subroutine is a wrapper around spam_assassin_check
  # and it exists so I can run custom tests in MIMEDefang that
  # add to the total SpamAssassin score
  
  # First run the message through SpamAssassin
  my($hits, $req, $names, $report) = spam_assassin_check(@_);
  my @names = split(',' => $names);
  
  # Run custom checks
  
  # MD_CUSTOM_HELO_NOT_FQDN, score 4
  if ($Helo =~ /^[^\.]+$/) {
  
    my $lcsender    = lc $Sender;
    my $lcrecipient = "rcpts=" . scalar(@Recipients);
    md_syslog("$GraphDefangSyslogFacility|info", 
              "MDLOG,$MsgID,helo_not_fqdn,$RelayAddr,$Helo,$lcsender,".
              "$lcrecipient,$Subject");
    
    $hits += 4;
    push(@names, 'MD_CUSTOM_HELO_NOT_FQDN');
    
  }
  
  $names = join(',' => @names);
  return ($hits, $req, $names, $report);
  
}

___________________________________________
Michael Sims
Project Analyst - Information Technology
Crye-Leike Realtors
Office: (901)758-5648  Pager: (901)769-3722
___________________________________________
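
The score-instead-of-reject approach from the message above, as an added example that is not part of the original post: it goes beyond the single no-dots test to classify several kinds of malformed HELO argument and skips relays excluded from HELO verification. Only MD_CUSTOM_HELO_NOT_FQDN and its score of 4 come from the post; helo_score(), the other test names and scores, and all addresses are assumptions.

```perl
use strict;
use warnings;

# Relays excluded from HELO verification (constructed address, RFC 5737 range).
my %exempt = map { $_ => 1 } qw(192.0.2.10);

# Only MD_CUSTOM_HELO_NOT_FQDN and its score of 4 come from the post;
# the other two test names and scores are assumptions.
my %score = (
    MD_CUSTOM_HELO_NOT_FQDN   => 4,
    MD_CUSTOM_HELO_BAD_SYNTAX => 4,
    MD_CUSTOM_HELO_BARE_IP    => 2,
);

my $LABEL = qr/^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;
my $QUAD  = qr/(?:\d{1,3}\.){3}\d{1,3}/;

# Return ($points, @test_names) for one HELO argument; never a reject decision.
sub helo_score {
    my ($helo, $relay_addr) = @_;
    return (0) if $exempt{$relay_addr};
    my @hits;
    if (!defined $helo || $helo eq '') {
        @hits = ('MD_CUSTOM_HELO_BAD_SYNTAX');
    } elsif ($helo =~ /^\[(?:$QUAD|IPv6:[0-9A-Fa-f:.]+)\]$/) {
        # Bracketed address literal: accepted as-is.
    } elsif ($helo =~ /^$QUAD$/) {
        @hits = ('MD_CUSTOM_HELO_BARE_IP');   # address sent without brackets
    } else {
        my @labels = split /\./, $helo, -1;   # -1 keeps empty trailing labels
        push @hits, 'MD_CUSTOM_HELO_NOT_FQDN'   if @labels < 2;
        push @hits, 'MD_CUSTOM_HELO_BAD_SYNTAX' if grep { $_ !~ $LABEL } @labels;
    }
    my $points = 0;
    $points += $score{$_} for @hits;
    return ($points, @hits);
}

# Constructed sample input: [HELO argument, relay address].
for my $case (['mail.example.com', '198.51.100.7'], ['APPSRV01', '192.0.2.10'],
              ['APPSRV01', '198.51.100.7'], ['my_pc', '198.51.100.8'],
              ['198.51.100.9', '198.51.100.9'], ['[198.51.100.9]', '198.51.100.9'],
              ['host..example.com', '198.51.100.7']) {
    my ($points, @hits) = helo_score(@$case);
    printf "%-20s %-14s +%d %s\n", @$case, $points, join(',', @hits) || '-';
}
```

Inside a wrapper like the one above, the returned points would be added to $hits and the test names pushed onto @names before the values are returned to the filter.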


