[Mimedefang] $helo filter checks

dr john halewood john at unidec.co.uk
Mon Oct 20 09:53:44 EDT 2003


On Monday 20 Oct 2003 1:16 pm, Ole Holm Nielsen wrote:
>Can someone kindly provide a correct and complete working filter_relay
>subroutine which only needs to be customized with our server's IP-address ?

The following example (which was mostly hacked/stolen from bits published on 
this mailing list) does exactly that. It also rejects spoofed mail pretending 
to be from my domain which actually comes from outside, and finally rejects 
mails that send the HELO as my own server's IP address (not uncommon).

use Socket qw(inet_aton);   # inet_aton converts a dotted quad to 4 packed bytes

sub filter_relay {

my ($hostip, $hostname, $helo) = @_;

my $addr = '';
my $network_string = '';
my $mask_string = '';
my $thelo = $helo;
my $ip = $hostip;
my $host = $hostname;


# List networks that should be exempt from all filtering by
# putting their network/mask pairs into the exempt_subnets
# associative array.  (Follow the example for the loopback.)

my %exempt_subnets = (
        '127.0.0.0',    '255.0.0.0',            # loopback
        '192.168.1.0',   '255.255.255.0',      # internal
        '195.166.19.0',   '255.255.255.0',    # external
);
    
# If the address of the connecting client falls within one of
# the subnets defined by %exempt_subnets, then bypass all
# further filtering.

$addr = inet_aton $hostip;
while (($network_string, $mask_string) = each %exempt_subnets) {
        my $network = inet_aton $network_string;
        my $mask = inet_aton $mask_string;
        if (($addr & $mask) eq $network) {
                return ('ACCEPT_AND_NO_MORE_FILTERING', 'ok');
        }
}

# Now check to see if someone on the internet is pretending to be ourselves

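# The dot is escaped and the match starts on a label boundary, so a
# look-alike such as "notexample.com" is not treated as this domain.
if ( $thelo =~ /(?:^|\.)example\.com$/i ) {
       if ($hostip ne '127.0.0.1' and $hostip !~ /^195\.166\.20\./ and $hostip !~ /^195\.166\.19\./ ) {
           md_syslog('info', "Host $hostip ($hostname) said HELO $helo");
           return("REJECT", "Go Away $hostip is not part of example.com");
       }
}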

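#finally check for servers pretending to be this one. If they claim to
#be my IP address and aren't, drop them.
# Dots are escaped so only the literal address matches; the reply text is
# kept on one line so no newline ends up inside the SMTP response.
if ( $helo =~ /^195\.166\.19\.11$/ ) {
        if ($hostip ne '195.166.19.11') {
           return("REJECT", "Rejected: $helo is not a valid HELO/EHLO response.");
        }
}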

# The client isn't in an exempt subnet and isn't lying about who it is;
# filtering should continue.
return ('CONTINUE', 'ok');

}


This should get you going to begin with.

cheers
john
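
Added example, not part of the original post: a stand-alone Perl harness that applies the same three checks (exempt subnet, own-domain HELO from outside, own-IP HELO) to constructed connections, including a look-alike domain, a trailing dot and a bracketed address literal. The helper names in_nets and check_helo, the CIDR notation and the 203.0.113.7 client address are assumptions made for illustration.

```perl
use strict; use warnings;
use Socket qw(inet_aton);

# Values taken from the post; adjust to your own site.
my $DOMAIN      = 'example.com';
my $OWN_IP      = '195.166.19.11';
my @EXEMPT      = qw(127.0.0.0/8 192.168.1.0/24 195.166.19.0/24);
my @DOMAIN_NETS = qw(127.0.0.1/32 195.166.19.0/24 195.166.20.0/24);

# True if dotted-quad $ip lies inside any of the CIDR blocks in @cidrs.
sub in_nets {
    my ($ip, @cidrs) = @_;
    return 0 unless $ip =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;   # never resolve names
    my $addr = inet_aton($ip) or return 0;
    for my $cidr (@cidrs) {
        my ($net, $bits) = split m{/}, $cidr;
        my $mask = pack 'N', $bits ? (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF : 0;
        return 1 if ($addr & $mask) eq (inet_aton($net) & $mask);
    }
    return 0;
}

# Verdict label for one connection; the real filter_relay returns (verdict, message).
sub check_helo {
    my ($hostip, $helo) = @_;
    return 'ACCEPT' if in_nets($hostip, @EXEMPT);
    (my $name = lc $helo) =~ s/^\[(.*)\]$/$1/;   # unwrap "[a.b.c.d]" literal
    $name =~ s/\.$//;                             # drop trailing root dot
    return 'REJECT' if $name eq $OWN_IP and $hostip ne $OWN_IP;
    return 'REJECT' if ($name eq $DOMAIN or $name =~ /\.\Q$DOMAIN\E$/)
                       and !in_nets($hostip, @DOMAIN_NETS);
    return 'CONTINUE';
}

# Constructed sample connections: client IP, HELO string, expected verdict.
my @samples = (
    [ '192.168.1.25', 'desk.example.com',  'ACCEPT'   ],
    [ '203.0.113.7',  'mail.example.com',  'REJECT'   ],
    [ '203.0.113.7',  'EXAMPLE.COM.',      'REJECT'   ],
    [ '203.0.113.7',  'notexample.com',    'CONTINUE' ],
    [ '203.0.113.7',  '[195.166.19.11]',   'REJECT'   ],
    [ '203.0.113.7',  '195x166y19z11',     'CONTINUE' ],
    [ '195.166.20.4', 'relay.example.com', 'CONTINUE' ],
);
for my $s (@samples) {
    my ($ip, $helo, $want) = @$s;
    my $got = check_helo($ip, $helo);
    printf "%-13s %-19s %-9s %s\n", $ip, $helo, $got, $got eq $want ? 'ok' : "want $want";
}
```

Running a table like this before deploying a changed filter shows quickly whether a pattern edit starts rejecting legitimate look-alike names or stops catching the spoofed ones.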


