[Mimedefang] VERY Newbie Question

Yang Xiao yxiao2004 at gmail.com
Fri Oct 29 12:10:51 EDT 2004


On Fri, 29 Oct 2004 17:42:36 +0200, Alexander Dalloz
<alexander.dalloz at uni-bielefeld.de> wrote:
> On Fri, 29.10.2004, Yang Xiao wrote at 15:54:
> 
> > Hi,
> > I found out that the filter_sender() function will be enabled if I
> > turn the MX_SENDER_CHECK option on. I was just wondering where should
> > I put it and how to use it.
> 
> For you as a Fedora user it has to be activated in
> /etc/sysconfig/mimedefang.
> 
> > I got to read the man pages more carefully.
> > As for the usefulness of the code sample, I think it at least gets rid
> > of half of the problem, and spammers can still forge the MAIL FROM
> > header if they use a legit HELO. So the problem is, how do you check
> > the MAIL FROM header then?
> 
> Both HELO and MAIL FROM can be easily forged. The question is, what do
> you want to prohibit? Often a combination of tests is needed to properly
> detect spamming attempts and to not reject valid senders.
> 
> One test which stops quite some guys at the front door is the following:
> 
> #***********************************************************************
> # %PROCEDURE: filter_relay
> # %DESCRIPTION:
> #  Check whether helo fits with hosts IP address.
> #***********************************************************************
> sub filter_relay ($$$$) {
>     my ($ip, $name, $helo, $RelayAddr) = @_;
>     # Check if IP correlates to given HELO
>     # Dots are escaped so only a dotted-quad HELO matches
>     if (($helo =~ /^(\d{1,3})(\.)(\d{1,3})(\.)(\d{1,3})(\.)(\d{1,3})$/) && ($ip ne $helo)) {
>         md_syslog('warning', "Header forgery attempt: $ip claims to be $helo");
>         return ('REJECT', "Header forgery attempt, $ip claims to be $helo");
>     }
>     return ('CONTINUE', "ok");
> }
> 
> > Yang
> 
> Alexander
> 

Alex,
Good to see you here.
Won't this check generate a lot of false positives if the sending host
has a hostname that's different from its public DNS name? I have had
several mail hosts like this in places I've worked before; it's not
because we are lazy or careless, but because it's very hard to change
the hostname for various reasons.
But as to my problem, I just want to stop anybody from sending to the
mail gateway as local domain users because it's an incoming spam filter
mail host. I guess I would just need to check for the MAIL FROM header
somewhere? But where should I implement this check in MIMEDefang? And
do you see any scenario where it will break anything?

Thanks,
Yang
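
One way to implement the check asked about above, as an added example that is not part of the original thread: a `filter_sender` for the MIMEDefang filter file that rejects envelope senders in the local domain unless the connecting relay is trusted. The domain list and relay addresses are assumptions (documentation ranges), and the `md_syslog` fallback exists only so the file can be run outside MIMEDefang.

```perl
use strict;
use warnings;

# Assumed values for illustration; replace with your own.
my @LOCAL_DOMAINS  = ('example.com');              # domains this gateway receives for
my @TRUSTED_RELAYS = ('127.0.0.1', '192.0.2.10');  # internal hosts allowed to send as local users

# Outside MIMEDefang md_syslog does not exist, so fall back to STDERR.
*md_syslog = sub { print STDERR "[$_[0]] $_[1]\n" } unless defined &md_syslog;

sub filter_sender {
    my ($sender, $ip, $hostname, $helo) = @_;

    # The envelope sender arrives as given in MAIL FROM, usually wrapped in <>.
    (my $addr = lc $sender) =~ s/^\s*<|>\s*$//g;

    # The null sender (<>) is used for bounces and must be accepted.
    return ('CONTINUE', 'ok') if $addr eq '';

    # Internal relays may legitimately send as local users.
    return ('CONTINUE', 'ok') if grep { $_ eq $ip } @TRUSTED_RELAYS;

    my ($domain) = $addr =~ /\@([^@\s]+)$/;
    return ('CONTINUE', 'ok') unless defined $domain;

    for my $local (@LOCAL_DOMAINS) {
        # Match the domain itself and any subdomain of it.
        if ($domain eq $local || $domain =~ /\.\Q$local\E$/) {
            # Sender and HELO are attacker-controlled: keep the log line printable.
            (my $msg = "Local-domain sender <$addr> from outside relay $ip (HELO $helo)")
                =~ s/[^\x20-\x7e]/?/g;
            md_syslog('warning', $msg);
            return ('REJECT', "Sender domain $domain is not accepted from $ip");
        }
    }
    return ('CONTINUE', 'ok');
}

# Constructed sample calls; they run only when the file is executed directly.
unless (caller) {
    for my $t (['<bob@example.com>', '203.0.113.5'], ['<bob@example.com>', '192.0.2.10'],
               ['<>', '203.0.113.5'], ['<alice@example.org>', '203.0.113.5']) {
        my ($action) = filter_sender($t->[0], $t->[1], 'unknown', 'mail.example.net');
        print "$t->[0] from $t->[1]: $action\n";
    }
}
```

`filter_sender` is only called when MX_SENDER_CHECK is enabled, as noted in the quoted reply. External services that legitimately use a local-domain envelope sender (forwarders, hosted senders) are rejected by this check unless their relays are added to the trusted list.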


