[Mimedefang] How to block based on bad dns resolution names?
Jack Olszewski
jacek at hermes.net.au
Wed Mar 10 18:29:16 EST 2004
From: David Fowler <dfowler at transland.com>
Subject: [Mimedefang] How to block based on bad dns resolution names?
Date: Wed, 10 Mar 2004 17:09:11 -0500
dfowler> Here's one that I would love to crush, filter, destroy:
dfowler>
dfowler> Received: from smtpikdpivfmvm02w.worldwidemailserver.com (localhost
dfowler> [203.210.222.130] (may be forged))
dfowler>
dfowler> The part that yanks my chain is the "resolved localhost". Nslookup returns
dfowler> the same result.
dfowler>
dfowler> I would like to reject the connection like I do for localhost and numeric
dfowler> IPs in the HELO.
dfowler>
dfowler> Is there a variable for this that I can filter on? I'm getting a little
dfowler> punchy looking for it. This isn't an isolated case either. I have caught
dfowler> 11 different IPs doing this in the 203.210 segment alone, and none of them
dfowler> were sending legitimate email.
dfowler>
dfowler> Any help would be appreciated.
dfowler>
dfowler> David Fowler
dfowler>
How about filter_relay rejecting messages whose
$name eq 'localhost' and $ip ne '127.0.0.1'
?
Just a thought, untested.
Jack
More information about the MIMEDefang
mailing list