[Mimedefang] Timeouts when filter-sender is employed

James Ebright jebright at esisnet.com
Wed Jun 15 20:13:42 EDT 2005


On Wed, 15 Jun 2005 17:40:58 -0400 (EDT), Dirk the Daring wrote

> ##########
> sub filter_sender {
>     my($sender, $hostip, $hostname, $helo) = @_;
> 
>     # Can't be "psicorps.org" unless it's one of our IP's.
>     if ($helo =~ /(^|\.)psicorps\.org$/i) {
>         if ($hostip ne "127.0.0.1" and $hostip ne "209.170.141.XXX" and
>             $hostip ne "209.170.141.XXX" and $hostip ne 
> "209.170.141.103") and            $hostip ne "209.170.141.XXX" and 
> $hostip ne "209.170.141.XXX") {            syslog('info',
>  "MIMEDefang rejected a connection where Host $hostip said HELO 
> $helo");            return(0, "Connection Rejected: $hostip is not 
> authorized to use $helo for identification");        }    }    
> return (1, "OK"); }
> ##########


OK, I assume the XXX you have in there are actually filled in with real
values.. otherwise you will never match without using a regex, something like:

if ($hostip ne "127.0.0.1" and $hostip !~ /^209\.170\.141\./ and

You also might consider matching the helo on your own servers IPs as well, we
get many that helo as our servers IP and unless it is our server or 127.0.0.1
then.... its a nono (note, IP literals as HELO are valid, but are supposed to
be encosed in square brackets... something some MTAs and many MUAs seem to
ignore).

Simple enough to do, something like:

if (($helo =~ /(^|\.)psicorps\.org$/i) || ($helo =~
/(^|\[)209\.170\.141\.103\]$/i)) {

Also, I think you have your reject and ok flipped (ok is 0 and reject is 1 I
think), returning the value is depreciated anyway, us the constants like so:

 return('REJECT', "Connection Rejected: $hostip is not authorized to use $helo
for identification");

and 

return ('CONTINUE', "ok");

Jim
--
EsisNet.com Webmail Client




More information about the MIMEDefang mailing list