[Mimedefang] $helo filter checks

Philip Clever philip at turquoise.net
Wed Oct 1 22:50:01 EDT 2003


Hello,

I have installed the following code to combat HELO spoofing under sub
filter_relay:

 elsif ($helo =~ /mydomain\.net$/i) {
        if ($hostip ne '127.0.0.1' or
        $hostip !~ /^xx\.xx\.xxx\.\d{1,3}$/ or
        $hostip !~ /^xx\.xx\.xxx\.\d{1,3}$/ or
        $hostip !~ /^xx\.xx\.xxx\.\d{1,3}$/ or
        $hostip !~ /^xx\.xx\.xxx\.\d{1,3}$/ or
        $hostip !~ /^xx\.xx\.xxx\.\d{1,3}$/ or
        $hostip !~ /^xx\.xx\.xxx\.\d{1,3}$/ or
        $hostip !~ /^xx\.xxx\.xxx\.\d{1,3}$/ or
        $hostip !~ /^xx\.xxx\.xxx\.\d{1,3}$/) {
                return (0, "Connect rejected! - $hostip is not mydomain.net");
        }
    }

This works great!  I was getting at least 10 spams a day because of HELO
spoofing and now I get none.  But here is some weird behavior I have seen in
the logs:

First, when I receive an email from the MIME Defang list it gets rejected
saying 127.0.0.1 is not mydomain.net.  Secondly, some of our users with
Netscape and some versions of Eudora get rejected even though their IP is
ours, and should match up.  We figure that must be some mail client
weirdness.  I know others have implemented this filter strategy and was
wondering if they had run into this or know of any workarounds.

Thanks,

Philip
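
An added example, not part of the original post or of MIMEDefang: it compares the shape of the posted condition (negated tests joined with `or`) against a check that rejects only when the address matches none of the allowed patterns. The network prefixes are constructed placeholders from the RFC 5737 documentation ranges, since the post elides its real ones, and `check_helo` is a hypothetical stand-in for the `filter_relay` branch.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed placeholders: the post elides its real prefixes (xx.xx.xxx),
# so RFC 5737 documentation ranges stand in for them here.
my @own_nets = (
    qr/^127\.0\.0\.1$/,
    qr/^192\.0\.2\.\d{1,3}$/,
    qr/^198\.51\.100\.\d{1,3}$/,
);

# Shape of the posted test: "not A or not B or not C". One address cannot
# match every pattern at once, so at least one term is always true.
sub rejects_as_posted {
    my ($hostip) = @_;
    my $reject = ($hostip ne '127.0.0.1'
               or $hostip !~ /^192\.0\.2\.\d{1,3}$/
               or $hostip !~ /^198\.51\.100\.\d{1,3}$/);
    return $reject ? 1 : 0;
}

# Reject only when the address matches none of the allowed patterns
# (equivalent to joining the negated tests with "and").
sub rejects_if_unlisted {
    my ($hostip) = @_;
    my $hits = grep { $hostip =~ $_ } @own_nets;
    return $hits ? 0 : 1;
}

# Hypothetical helper mirroring the filter_relay branch from the post,
# using the same (0, "message") rejection return value.
sub check_helo {
    my ($hostip, $helo) = @_;
    return (1, "ok") unless $helo =~ /mydomain\.net$/i;
    return (0, "Connect rejected! - $hostip is not mydomain.net")
        if rejects_if_unlisted($hostip);
    return (1, "ok");
}

# Constructed sample connections: loopback, an own client, an outside host.
for my $c (['127.0.0.1',   'mail.mydomain.net'],
           ['192.0.2.25',  'pc7.mydomain.net'],
           ['203.0.113.9', 'mydomain.net']) {
    my ($ip, $helo) = @$c;
    my ($ok, $msg)  = check_helo($ip, $helo);
    printf "%-12s posted=%d fixed=%d -> %s\n", $ip,
        rejects_as_posted($ip), rejects_if_unlisted($ip), $msg;
}
```

With the `or` form every address is rejected once the HELO matches, including 127.0.0.1 and hosts inside the listed ranges; the second form rejects only the outside host.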



