[Mimedefang] Reject email due to disguised helo
Mark Emerle
emerle at vdata.com
Thu Nov 6 16:23:24 EST 2003
Hi-
Lately, we have a spammer that is identifying himself as sending email from
our domain. I want to create a filter_relay in my
/etc/mail/mimedefang-filter to prevent this from happening. I am currently
using mimedefang-2.37. Here is my problem, the man page for
mimedefang-filter is different than the documentation I am seeing on the web
page (http://www.mimedefang.org/node.php?id=18) and not sure which method
would be the correct one. If I run mimedefang.pl -f mimedefang-filter -test
with either versions of the code, I get Filter mimedefang-filter seems
syntactically correct. Please let me know which version of the code should I
use. I am mostly concerned with the return values.
>From the man page:
sub filter_relay {
my($ip, $name, $helo) = @_;
if ($helo =~ /foo.com/i) {
if ($ip !~ /^192.94.55./) {
return('REJECT', "Connection rejected - $ip is not foo.com");
}
}
return('CONTINUE', "ok");
}
>From the mimedfang web page:
sub filter_relay {
my($ip, $name, $helo) = @_;
return(1, "OK") if ($ip eq "127.0.0.1"); # no further checking if
localhost
if ($helo =~ /(^|.)foo.com$/i) {
if ($ip !~ /^192.94.55./) {
return(0, "Connect rejected - $ip is not foo.com");
}
}
return(1, "OK");
}
-Mark Emerle
More information about the MIMEDefang
mailing list