[Mimedefang] Requiring FQDN in HELO

[Cormack, Ken]

>    The ultimate goal to allow filter_sender to reject any E-Mail where
> the HELO is a blank string (spaces) or something like "localhost"
> without any qualification. Are there any reasons that legit,
> reasonbly-standards-compliant senders would do those things?

In my environment, I've noticed that WAY too much valid email is sent from
hosts that are lame in this respect, sending partial or non-FQDN hostnames,
or that identify themselves with a hostname/domain/"tld" that might be
appropriate for the sender's INTERNAL/PRIVATE environment
(myhost.nowhere.not).  To evaluate YOUR potential for success/risk, you
might try just adding something in filter_sender, to perform logging-only,
of the value of $helo.  Then, you can review your list of log entries.

In filter_sender you could add a line like this:

    md_syslog('info', "$QueueID: helo_string: Host $ip ($name) said \"HELO
$helo\"");

Frankly, I found a quite effect check was to look for the absense of square
brackets, around what otherwise try to pass themselves off as "IP
addresses".  (ie: "123.45.67.89", rather than "[123.45.67.89]" at the HELO.)

I use the following snippet, gleaned from this discussion list, in
filter_sender:

    # reject all email with a numeric HELO string if it lacks
    # surrounding square brackets:
    if ($helo =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/) {
      md_syslog('info', "$QueueID: helo_ip_lacks_brackets: Host $ip ($name)
said \"HELO $helo\"");
      return ('REJECT', "Litteral IP address in SMTP HELO lacks required
brackets");
    }

On average, this one rule blocks 1300-2200 messages per day, on my servers
(and that's after any access.db lookups that might first block by IP).

Ken