[Mimedefang] Stopping bogus Domain in HELO
Dirk the Daring
dirk at psicorps.org
Mon Jun 20 12:50:59 EDT 2005
I've added MIMEDefang v2.52 to my sendmail v8.13.4 mail relay running
on Solaris 8, and have significantly reduced my SPAM (I *love* rejecting
SPAMmers who try to HELO as one of my own machines). Of the remaining
SPAM that leaks thru, I'm seeing things like:
> Received: from lh ([60.221.66.22]) by [my host] with SMTP id....
"lh" is an obviously fake hostname. How would I go about requiring a
HELO, if an IP address in brackets is not given, to have a resolvable
FQDN?
Here is what I have in "filter_sender" already:
---- Cut Here ----
sub filter_sender {
    my($sender, $hostip, $hostname, $helo) = @_;

    # Check #1
    # Can't be "psicorps.org" unless it's one of our IP addresses
    if ($helo =~ /(^|\.)psicorps\.org$/i) {
        if ($hostip ne "127.0.0.1" and $hostip ne "209.170.141.XXX" and
            $hostip ne "209.170.141.XXX" and $hostip ne "209.170.141.103" and
            $hostip ne "209.170.141.XXX" and $hostip ne "209.170.141.XXX") {
            syslog('alert', "MIMEDefang rejected a connection where Host $hostip said HELO $helo");
            return('REJECT', "FRAUDULENT HELO/EHLO REJECTED: $hostip is not authorized to use $helo for authentication");
        }
    }

    # Check #2
    # Check for HELO where IP address is the relay server address either
    # without or with square brackets
    if (($helo =~ /209\.170\.141\.103$/) ||
        ($helo =~ /(^|\[)209\.170\.141\.103\]$/i)) {
        syslog('alert',"MIMEDefang rejected a connection where Host $hostip said HELO $helo");
        return('REJECT', "FRAUDULENT HELO/EHLO REJECTED: $hostip is not authorized to use $helo for authentication");
    }

    # Check #3
    # Check for IP-address-only HELO - SMTP standard requires it be enclosed
    if ($helo =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/) {
        syslog('alert',"MIMEDefang rejected a connection where Host $hostip said HELO $helo");
        return ('REJECT', "SMTP ERROR: Please conform to SMTP when saying HELO");
    }

    return('CONTINUE', "OK");
}
---- Cut Here ----
Or would this be better done in filter_relay?
Dirk
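
The check asked about above (accept a bracketed IP literal, otherwise require a resolvable FQDN), sketched as an added example that is not part of the original post or of MIMEDefang itself. The helper name check_helo, the injectable resolver and the sample names are assumptions made for illustration; only the ('REJECT', ...) / ('CONTINUE', ...) return convention comes from the filter_sender shown in the post.

```perl
#!/usr/bin/perl
# Added example: check_helo() and the sample data below are hypothetical.
use strict;
use warnings;
use Socket qw(inet_aton);

# One DNS label: letters, digits, inner hyphens, 1 to 63 characters.
my $LABEL = qr/[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?/i;

# Returns ('CONTINUE', 'OK') or ('REJECT', reason) for a HELO/EHLO argument.
# $resolves is a code ref (name -> true/false); it defaults to a live
# address lookup and is injectable so the logic can be exercised offline.
sub check_helo {
    my ($helo, $resolves) = @_;
    $resolves ||= sub { defined inet_aton($_[0]) };

    # Bracketed IPv4 literal: allowed without DNS if every octet is 0-255.
    if (my @octets = $helo =~ /^\[(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\]$/) {
        return ('REJECT', "Malformed address literal in HELO")
            if grep { $_ > 255 } @octets;
        return ('CONTINUE', 'OK');
    }
    # Bare dotted quad: would otherwise pass the FQDN syntax test below.
    return ('REJECT', "Address literal in HELO must be in brackets")
        if $helo =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;
    # FQDN syntax: two or more valid labels. The untrusted HELO string is
    # not echoed back here because it has not passed any validation yet.
    return ('REJECT', "HELO argument is not a fully qualified domain name")
        unless length($helo) <= 253 && $helo =~ /^(?:$LABEL\.)+$LABEL\.?$/;
    # The name must resolve to an address.
    return ('REJECT', "HELO $helo does not resolve")
        unless $resolves->($helo);
    return ('CONTINUE', 'OK');
}

# Constructed sample input; the fake resolver knows one name only.
my %dns = ('mail.example.org' => 1);
for my $helo ('lh', '[192.0.2.10]', '192.0.2.10', '[300.1.1.1]',
              'mail.example.org', 'nohost.example.invalid') {
    my ($action, $msg) = check_helo($helo, sub { $dns{ lc $_[0] } });
    printf "%-24s %-8s %s\n", $helo, $action, $msg;
}
```

In a filter, ending filter_sender with `return check_helo($helo);` in place of the final CONTINUE would apply this after the existing three checks. The default inet_aton lookup cannot tell a DNS timeout from a nonexistent name, so a resolver that distinguishes the two and answers 'TEMPFAIL' on timeout avoids rejecting legitimate senders during a DNS outage.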