[Mimedefang] Suggestions on rejecting relays that provide syntactically-invalid arguments to HELO/EHLO
Michael Sims
michaels at crye-leike.com
Fri May 23 02:24:00 EDT 2003
Quoting Jack Olszewski <jacek at hermes.net.au>:
> Not long ago I asked the list about HELOs in the form of an identifier
> without any dots. David answered he allowed those. I am curious about
> your 2-3 rare exceptions in 300-400 pieces of junk. How do they look
> like?
I almost missed them, but there were 3 exceptions (which I am now excluding
from HELO verification). One came from a Windows based co-located application
server that sends notifications to my users directly via SMTP. This server
reports its Windows NetBIOS name during the HELO greeting. Another came from a
large pharmaceutical company, and a third came from a real-estate related lead
generation site.
I'll send you an example of one of these messages off-list...
I actually read the thread you are referring to where David said that he allows
FQDN's. I started thinking about it and I started to worry that some
legitimate mail might be blocked. The company I work for is sales oriented and
business is based on leads. I know that many potential customers won't
complain if they are blocked, they'll just take their business elsewhere.
For that reason I decided to create a wrapper function around
spam_assassin_check() called my_spam_assassin_check(). I plan to use this to
do various tests inside MIMEDefang and then add the results to the spam
assassin score. This way a non-fqdn HELO argument won't be bounced, it will
just increase the spam score of the message. This I feel a little better about.
Here is the initial idea I had for this wrapper:
sub my_spam_assassin_check (;$) {
# This subroutine is a wrapper around spam_assassin_check
# and it exists so I can run custom tests in MIMEDefang that
# add to the total SpamAssassin score
# First run the message through SpamAssassin
my($hits, $req, $names, $report) = spam_assassin_check(@_);
my @names = split(',' => $names);
# Run custom checks
# MD_CUSTOM_HELO_NOT_FQDN, score 4
if ($Helo =~ /^[^\.]+$/) {
my $lcsender = lc $Sender;
my $lcrecipient = "rcpts=" . scalar(@Recipients);
md_syslog("$GraphDefangSyslogFacility|info",
"MDLOG,$MsgID,helo_not_fqdn,$RelayAddr,$Helo,$lcsender,".
"$lcrecipient,$Subject");
$hits += 4;
push(@names, 'MD_CUSTOM_HELO_NOT_FQDN');
}
$names = join(',' => @names);
return ($hits, $req, $names, $report);
}
___________________________________________
Michael Sims
Project Analyst - Information Technology
Crye-Leike Realtors
Office: (901)758-5648 Pager: (901)769-3722
___________________________________________
More information about the MIMEDefang
mailing list