[Mimedefang] $helo versus $ip
Jack Olszewski
jacek at hermes.net.au
Mon Feb 2 20:41:04 EST 2004
Hello all,
In the archives of this list I can't find anything on possible checks
of $helo versus $ip in filter_relay. What about finding the address of
the host given as $helo, and matching it against $ip? Would it be safe
to reject the message if they do not match? For instance (not tested
in mimedefang-filter yet):
use Net::DNS;
sub filter_relay {
my($ip,$name,$helo) = @_;
# allow outgoing mail
if ($ip eq "127.0.0.1" or
$ip =~ $local_net
) {
return(1,"ok");
}
# stop fake helo
if ($helo =~ /$my_ip/ or $helo =~ /$my_domain/i) {
return(0,"Rejected, $helo is not your true address");
# stop bare ip as helo
} elsif ($helo =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/) {
return(0,"Rejected, see http://www.hermes.net.au/helo.php.");
# accept ip in square brackets
} elsif ($helo =~ /^\[{\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]$/) {
return(1,"ok");
} else {
# check helo v. ip, allow if they match
$res = new Net::DNS::Resolver;
$query = $res->search($helo);
if ($query) {
foreach $rr ($query->answer) {
next unless $rr->type eq "A";
return(1,"ok") if $rr->address eq $ip;
}
return(0,"Rejected, $helo address and $ip do not match");
}
}
I am not sure if:
1. the last part can result in false positives,
2. it may be too big a load for a fairly busy server.
I think sendmail could be configured to do such checks but I don't
know how.
Jack
More information about the MIMEDefang
mailing list