[Mimedefang] $helo versus $ip

[Jack Olszewski]

Hello all,

In the archives of this list I can't find anything on possible checks
of $helo versus $ip in filter_relay. What about finding the address of
the host given as $helo, and matching it against $ip? Would it be safe
to reject the message if they do not match? For instance (not tested
in mimedefang-filter yet): 

use Net::DNS;

sub filter_relay {
    my($ip,$name,$helo) = @_;
# allow outgoing mail
    if ($ip eq "127.0.0.1" or
	$ip =~ $local_net
	) {
	return(1,"ok");
    }
# stop fake helo
    if ($helo =~ /$my_ip/ or $helo =~ /$my_domain/i) {
	return(0,"Rejected, $helo is not your true address");
# stop bare ip as helo 
    } elsif ($helo =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/) {
	return(0,"Rejected, see http://www.hermes.net.au/helo.php.");
# accept ip in square brackets
    } elsif ($helo =~ /^\[{\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]$/) {
        return(1,"ok");
    } else {
# check helo v. ip, allow if they match
    $res = new Net::DNS::Resolver;
    $query = $res->search($helo);
    if ($query) {
       foreach $rr ($query->answer) {
	   next unless $rr->type eq "A";
           return(1,"ok") if $rr->address eq $ip;
       }
       return(0,"Rejected, $helo address and $ip do not match");
    }
}

I am not sure if:

1. the last part can result in false positives,
2. it may be too big a load for a fairly busy server.

I think sendmail could be configured to do such checks but I don't
know how.

Jack