[Mimedefang] code to handle "troublesome domains"

Matt Cramer mscramer at armstrong.com
Fri Sep 26 10:56:01 EDT 2003


At:

http://lists.roaringpenguin.com/pipermail/mimedefang/2003-September/008088.html

I posted some code that compared the sender's email address to the
sending relay for certain domains which spammers love to use (aol.com,
hotmail.com, etc.).  If user@hotmail.com came from a relay that did not
reverse resolve and match /.*hotmail.com/ I rejected it.

I have microsoft.com in this list, and couldn't figure out why I was
getting those annoying M$ viruses with from addresses of
something@advisor.microsoft.com.  I saw I didn't have the correct regex in
my code.

Also, I noticed my check against the relay name was not anchored to the
end of the string.  So if hotmail.com is in my list, a spammer could send
using user@hotmail.com if their relay was fake.hotmail.com.spammer.com.
Unlikely, but no reason to allow it.

Here is the changed code for anyone who is using my old code:

    my $check;
    foreach $check (@greylist) {
        if ($sender=~/[\@\.]$check>?$/i) {
            if (!($hostname=~/$check$/i)) {


Matt

-- 
Matthew S. Cramer <mscramer at armstrong.com>          Office: 717-396-5032
Infrastructure Security Analyst                     Fax:    717-396-5590
Armstrong World Industries, Inc.                    Cell:   717-917-7099
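
The relay check discussed in the message above, as an added example that is not part of the original post or of MIMEDefang. It compares an unanchored match, the end-anchored match from the post, and a stricter variant that goes beyond the post by quoting the domain with \Q...\E and requiring a label boundary. It assumes @greylist holds plain domain names; the sub names and every test hostname except fake.hotmail.com.spammer.com are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: list entries are plain domain names, not regex fragments.
my @greylist = ('hotmail.com', 'microsoft.com');

# Return the listed domain a sender address belongs to, or nothing.
# Tolerates a trailing '>' like the sender test in the post.
sub listed_domain {
    my ($sender) = @_;
    foreach my $check (@greylist) {
        return $check if $sender =~ /[\@.]\Q$check\E>?$/i;
    }
    return;
}

# Three ways to compare the relay's reverse-resolved name to the domain.
my %relay_match = (
    # No anchor: the domain may appear anywhere in the relay name.
    unanchored   => sub { my ($h, $d) = @_; $h =~ /$d/i },
    # Anchored to the end of the string, as in the post.
    end_anchored => sub { my ($h, $d) = @_; $h =~ /$d$/i },
    # Literal dots, and the domain must start at a DNS label boundary.
    label_bound  => sub { my ($h, $d) = @_; $h =~ /(?:^|\.)\Q$d\E\z/i },
);

# Constructed test cases: sender address, relay's reverse-resolved name.
my @cases = (
    ['user@hotmail.com',          'mail.hotmail.com'],
    ['user@hotmail.com',          'fake.hotmail.com.spammer.com'],
    ['user@hotmail.com',          'relay.nothotmail.com'],
    ['user@hotmail.com',          'relay.hotmailxcom'],
    ['<x@advisor.microsoft.com>', 'mail.microsoft.com'],
    ['someone@example.org',       'host.example.net'],
);

foreach my $c (@cases) {
    my ($sender, $host) = @$c;
    my $d = listed_domain($sender);
    unless (defined $d) { print "$sender via $host: not a listed domain\n"; next; }
    foreach my $name (qw(unanchored end_anchored label_bound)) {
        my $ok = $relay_match{$name}->($host, $d);
        printf "%-26s %-29s %-12s %s\n", $sender, $host, $name,
            $ok ? 'accept' : 'reject';
    }
}
```

Only the label_bound variant rejects the two constructed look-alike relay names, because the other two leave the dot in the domain as a wildcard and do not require the match to begin at the start of a label.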



