[Mimedefang] Detecting bogus AOL addresses

Kelson Vibber kelson at speed.net
Fri May 7 19:52:08 EDT 2004


I recently came across the specification for valid AOL addresses.  It's 
simple, and easy to put into a regexp.  It's only blocked 8 messages in the 
last few hours since I went from logging to rejecting, but that's 8 messages 
that didn't need to be scanned for viruses or spam.

In case anyone else might find it useful, here's an abbreviated version of my 
filter_sender:

sub filter_sender ($$$$) {
	my ($sender, $ip, $name, $helo) = @_;
	$sender =~ s/.*\<//;
	$sender =~ s/\>.*//;
	$sender = lc($sender);

	# Check for bogus AOL addresses as described at
	# http://postmaster.aol.com/faq/mailerfaq.html#syntax
	# - all alphanumeric, starting with a letter, from 3 to 16 characters long.
	if ($sender =~ /\@aol.com$/i && $sender ne 'mailer-daemon at aol.com'
		&& $sender !~ /^[a-z][a-z0-9]{2,15}\@aol.com$/i) {
		return ('REJECT', 'Forged AOL address detected.');
		#md_syslog 'info', "$QueueID: Forged AOL address detected.";
	}

	return ('CONTINUE', 'ok');
}

-- 
Kelson Vibber
SpeedGate Communications, <www.speed.net>



More information about the MIMEDefang mailing list