[Mimedefang] VERY Newbie Question

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Fri Oct 29 11:42:36 EDT 2004


On Fri, 29.10.2004 at 15:54, Yang Xiao wrote:

> Hi,
> I found out that the filter_sender() function will be enabled if I
> turn the MX_SENDER_CHECK option on. I was just wondering where should
> I put it and how to use it.

For you as a Fedora user it has to be activated in
/etc/sysconfig/mimedefang.

> I got to read the man pages more carefully.
> As for the usefulness of the code sample, I think it at least gets rid
> of half of the problem, and spammers can still forge the MAIL FROM
> header if he uses a legit HELO. So the problem is, how do you check
> the MAIL FROM header then?

Both HELO and MAIL FROM can be easily forged. The question is, what do
you want to prohibit? Often a combination of tests is needed to properly
detect spamming attempts and to not reject valid senders.

One test which stops quite some guys at the front door is the following:

#***********************************************************************
# %PROCEDURE: filter_relay
# %DESCRIPTION:
#  Check whether the HELO fits the host's IP address.
#***********************************************************************
sub filter_relay ($$$$) {
    my ($ip, $name, $helo, $RelayAddr) = @_;
    # If the HELO argument is a bare dotted quad, it must equal the
    # connecting IP (dots escaped so they match only a literal ".").
    if (($helo =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/) &&
        ($ip ne $helo)) {
        md_syslog('warning', "Header forgery attempt: $ip claims to be $helo");
        return ('REJECT', "Header forgery attempt, $ip claims to be $helo");
    }
    return ('CONTINUE', "ok");
}

> Yang

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp 
Serendipity 17:34:56 up 9 days, 14:14, load average: 0.02, 0.06, 0.09 
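
The HELO-versus-IP comparison from the message above as a stand-alone Perl script, added here as an example and not part of Alexander's message or of MIMEDefang itself. It goes one step further and also compares the bracketed address-literal form `[a.b.c.d]`; `helo_claimed_ip` and `check_helo` are hypothetical names, and all sample addresses are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not a MIMEDefang API): return the dotted quad a HELO
# argument claims, or nothing when the argument is not an IP at all.
sub helo_claimed_ip {
    my ($helo) = @_;
    my $quad = qr/\d{1,3}(?:\.\d{1,3}){3}/;
    # Bare form "1.2.3.4" or address literal "[1.2.3.4]"; brackets must pair.
    return $1 // $2 if $helo =~ /^(?:\[($quad)\]|($quad))\z/;
    return;
}

# Same decision as the filter in the message: only a HELO that claims an IP
# different from the connecting one is rejected.
sub check_helo {
    my ($ip, $helo) = @_;
    my $claimed = helo_claimed_ip($helo);
    return ('CONTINUE', 'ok') unless defined $claimed;   # host name: other tests apply
    return ('CONTINUE', 'ok') if $claimed eq $ip;
    return ('REJECT', "Header forgery attempt, $ip claims to be $helo");
}

# Constructed samples: [connecting IP, HELO argument, expected action]
my @samples = (
    ['192.0.2.10', 'mail.example.org', 'CONTINUE'],
    ['192.0.2.10', '192.0.2.10',       'CONTINUE'],
    ['192.0.2.10', '[192.0.2.10]',     'CONTINUE'],
    ['192.0.2.10', '198.51.100.7',     'REJECT'],
    ['192.0.2.10', '[198.51.100.7]',   'REJECT'],
    ['192.0.2.10', '1234567',          'CONTINUE'],  # digits only, no dots
);

my $failed = 0;
for my $s (@samples) {
    my ($ip, $helo, $want) = @$s;
    my ($action, $msg) = check_helo($ip, $helo);
    $failed++ if $action ne $want;
    printf "%-8s %-11s HELO %-17s -> %-8s %s\n",
        ($action eq $want ? 'ok' : 'MISMATCH'), $ip, $helo, $action, $msg;
}
exit($failed ? 1 : 0);
```

A client behind NAT that announces its private address as a literal fails this comparison too, so the rule fits MX-facing traffic better than client submission.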



