[Mimedefang] Bogus HELO filtering

Damrose, Mark mdamrose at elgin.edu
Wed Jul 7 10:48:02 EDT 2004


> -----Original Message-----
> From: Jeff Rife [mailto:mimedefang at nabs.net]
> 
> 
> 
> Questions:
> 
>  1. Does this get the job done?

More or less.  

I'd change to
my $MyDomains = '(^|\.)(domain1\.tld|domain2\.tld|domain3\.tld)$';
so it will catch domain1.tld as well as anything.domain1.tld.

Since you anchor your public IPs, you miss the case where someone 
follows the RFC and encloses the IP in square brackets.
my $MyPublicIPs = '^\[?(434\.300\.377\.38[789])\]?$';


>  2. Is there a more efficient way that doesn't involve listing out all
>     legal machines?  I have 3 public class C IP blocks, so that would be
>     some real work.

If you have a full /24, then
my $MyPublicIPs = '^\[?(434\.300\.377\.\d{1,3})\]?$';
should work for the full 24.  You don't need to list each one individually.

Is there any case where someone could legally use your public IP that isn't
listed in trusted networks?
If not, then change to:
if ($helo =~ /($MyDomains|$MyPublicIPs)/)
No sense testing if the Relay is your public IP, if that IP can't be 
legally used, and/or has already been accepted.

> 2a. The real domain list is 20 or so, and growing.  Is there a better
>     way to deal with that list?

Not really.

>  3. Am I breaking any rules by doing this?

Technically yes.  The RFCs say you MUST NOT reject mail solely on the basis
of the HELO.  However it is generally accepted that you can reject on 
HELOs that absolutely can not be.  The trick is to correctly pick
tests for values that can not be.



I've also been catching quite a bit by testing to see if the HELO
name is the local part of the recipient e-mail.


#***********************************************************************
# %PROCEDURE: helo_in_local
# %ARGUMENTS:
#  $H -- The HELO name used in the SMTP dialog
#  @R -- The list of recipients
#
# %RETURNS:
#  True/False
# %DESCRIPTION:
#  Checks to see if the remote system used the local part of the e-mail
#  address as its HELO name.
#***********************************************************************
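sub helo_in_local($@) {

    my ($H, @R) = @_;
    my $status = 0;
    # An empty pattern would reuse the last successful regex, so bail out early.
    return 0 unless defined $H && length $H;
    foreach my $s (@R) {
        $s =~ s/^\<//;      # strip the leading "<" of an envelope address
        $s =~ s/\@.*$//;    # drop "@domain", leaving the local part
        # \Q...\E: the HELO is supplied by the remote side, so match it
        # literally instead of interpolating it as a regex.
        if ( $s =~ m/\Q$H\E/i ) {
            $status = 1;
        }
    }
    return $status;
}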
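
The HELO tests discussed in this message, as an added example that is not part of the original post: it builds the domain and /24 patterns from lists (so a growing domain list stays one entry per item) and runs them over constructed HELO strings. The domains, the documentation-range networks, and the helper name helo_claims_to_be_us are assumptions made for illustration.

```perl
use strict;
use warnings;

# Constructed sample values (assumptions, not from the post): two local
# domains and two public /24 blocks taken from the documentation ranges.
my @my_domains = qw(example.com example.net);
my @my_nets    = qw(192.0.2 198.51.100);

# Build the alternations from the lists; quotemeta escapes the dots so
# they match literally.
my $dom_alt = join '|', map { quotemeta($_) } @my_domains;
my $net_alt = join '|', map { quotemeta($_) } @my_nets;

# The domain itself or any subdomain, anchored at a label boundary.
my $my_domains_re = qr/(?:^|\.)(?:$dom_alt)$/i;
# Any host in the listed /24s, with or without address-literal brackets.
my $my_ips_re = qr/^\[?(?:$net_alt)\.\d{1,3}\]?$/;

# Hypothetical helper: true when a HELO from an untrusted relay claims to
# be one of our own names or addresses.
sub helo_claims_to_be_us {
    my ($helo) = @_;
    return 0 unless defined $helo && length $helo;
    return ($helo =~ $my_domains_re || $helo =~ $my_ips_re) ? 1 : 0;
}

# Constructed HELO strings, each with the expected verdict.
my @cases = (
    ['example.com',          1],
    ['mail.example.com',     1],
    ['EXAMPLE.NET',          1],
    ['notexample.com',       0],   # label boundary stops a suffix match
    ['example.com.evil.tld', 0],   # end anchor stops a prefix match
    ['192.0.2.25',           1],
    ['[198.51.100.7]',       1],
    ['192.0.20.5',           0],   # different /24
    ['mx.remote.tld',        0],
);

my $failed = 0;
for my $c (@cases) {
    my ($helo, $want) = @$c;
    my $got = helo_claims_to_be_us($helo);
    $failed++ if $got != $want;
    printf "%-22s %s%s\n", $helo, ($got ? 'reject' : 'accept'),
        ($got == $want ? '' : '  <-- unexpected');
}
exit($failed ? 1 : 0);
```

As in the post, the check is only meaningful for relays that are not already in the trusted networks, since internal hosts may legitimately use these names.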
 


