[Mimedefang] New spammer trick?
David F. Skoll
dfs at roaringpenguin.com
Tue Nov 25 15:44:49 EST 2003
On Tue, 25 Nov 2003, Jon R. Kibler wrote:
> Can you share your code for filter relay based on HELO?
Sure; piece of cake:
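
    sub filter_relay {
        my($hostip, $hostname, $helo) = @_;
        # Reject any client whose HELO name ends in roaringpenguin.com
        if ($helo =~ /roaringpenguin\.com$/i) {
            return('REJECT', "Go away... $hostip is not a roaringpenguin.com machine");
        }
        # Let everything else continue through normal processing
        return('CONTINUE', "ok");
    }
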
NOTE: This machine is only used for INBOUND mail coming from EXTERNAL
sources. There is *never* a valid reason for a roaringpenguin.com to try
to relay through it.
> How much legit mail will that end up rejecting?
None, I would imagine. I can't imagine any possible reason for someone
else's machine to identify itself as "roaringpenguin.com".
> I see a lot of systems where they may say HELO xyz.com and it really
> be from xyz.com, but the hostname would be some ISP reverse DNS
> hostname, such as z.y.x.w.qrst.com and the IP be w.x.y.z -- how would
> your filter handle this?
I only check for the specific case of a machine I know I don't own claiming
to be a roaringpenguin.com machine.
Regards,
David.
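
The check described in the message above, generalized as an added example (not code from the original post or from MIMEDefang) for a server that also receives mail from the site's own machines. The domain example.com, the %OWN_IPS allow list and the sample connections are assumptions constructed for illustration; the match is also tightened to a label boundary, which the posted regex does not do.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumptions (not from the original post): a placeholder domain and
# documentation-range addresses standing in for the site's own hosts.
my $OWN_DOMAIN = 'example.com';
my %OWN_IPS    = map { $_ => 1 } qw(192.0.2.10 192.0.2.11);

# Same argument order as the filter_relay shown in the post.
sub filter_relay {
    my ($hostip, $hostname, $helo) = @_;
    $helo = '' unless defined $helo;
    $helo =~ s/\.$//;    # ignore a trailing root dot

    # Match the domain itself or a subdomain, but not a longer name that
    # merely ends in the same characters (e.g. notexample.com). Hosts on
    # the allow list may legitimately use the name.
    if ($helo =~ /(?:^|\.)\Q$OWN_DOMAIN\E$/i && !$OWN_IPS{$hostip}) {
        return ('REJECT', "Go away... $hostip is not a $OWN_DOMAIN machine");
    }
    return ('CONTINUE', 'ok');
}

# Constructed sample connections: [client IP, reverse-DNS name, HELO argument]
my @samples = (
    ['198.51.100.7', 'z.y.x.w.qrst.com',    'mail.example.com'],  # outsider using our name
    ['198.51.100.7', 'z.y.x.w.qrst.com',    'EXAMPLE.COM.'],      # case and trailing dot
    ['198.51.100.8', 'z.y.x.w.qrst.com',    'xyz.com'],           # HELO differs from rDNS: not our concern
    ['198.51.100.9', 'host.notexample.com', 'notexample.com'],    # look-alike suffix
    ['192.0.2.10',   'mail.example.com',    'mail.example.com'],  # genuinely ours
);

for my $s (@samples) {
    my ($code, $msg) = filter_relay(@$s);
    printf "%-14s HELO %-18s => %s (%s)\n", $s->[0], $s->[2], $code, $msg;
}
```

Only the first two sample connections are rejected; a HELO name that simply disagrees with reverse DNS, as in the xyz.com case raised in the thread, passes through untouched.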