[Mimedefang] trouble with filter_sender and faked mail from my domain to my domain

Scott Harris mimedefang at webhounds.net
Wed Aug 16 00:58:48 EDT 2006


Howdy, 
I'm still having random problems with filter_sender.
It seems it isn't invoked all the time.  Following the
advice from other threads I saw, I modified my filter
(below) to reject everything.  That seemed to work fine
so I was convinced my filter was running.  However, some
mail addressed To: and From: my domain was still slipping
through.

So then I modified the filter to log every single time to
help identify the from, to, helo etc.  From a spam that got
caught this morning, it was sent to uucp at mydomain.com from
uucp at mydomain.com.  The log clearly shows that the helo was
not from my domain, yet the email slipped through.

Aug 15 15:06:17 mail2 mimedefang.pl[9795]: Scooter: sender->
<uucp at mydomain.com>, host->87.49.57.14, 
hostname->0x5731390e.kjnxx10.adsl-dhcp.tele.dk, 
helo->0x5731390e.kjnxx10.adsl-dhcp.tele.dk

Does my filter look correct?  It is based on the one from
the web site.  

Any other advice or recommendations would be appreciated.

Thanks




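sub filter_sender {
    my($sender, $hostip, $hostname, $helo) = @_;

    # Reject hosts that say HELO mydomain.com but are not one of our machines.
    # Dots are escaped so they match a literal "." only.
    if ($helo =~ /(^|\.)mydomain\.com$/i) {
        if ($hostip ne "127.0.0.1" and $hostip ne "192.168.34.55" and
            $hostip ne "192.168.34.22" and
            $hostip ne "62.120.255.179" and $hostip ne "62.120.255.181") {
            md_syslog('info', "Host $hostip said HELO $helo");
            return(0, "Go away. $hostip is not a mydomain.com machine");
        }
    }
    # Log every connection that was not rejected (kept on one line so the
    # syslog entry contains no embedded newline).
    md_syslog('info', "Scooter: sender->$sender, host->$hostip, hostname->$hostname, helo->$helo");
    return (1, "OK");
}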
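
In the logged message the HELO name is the tele.dk hostname, so the HELO test in the filter never fires; the mydomain.com address appears only in the envelope sender. The following is an added example, not part of the original post and not MIMEDefang's own code, that applies the same IP allow-list to the sender domain as well. The `is_our_domain` helper, the `md_syslog` stand-in and the sample cases are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hosts allowed to use mydomain.com in HELO or MAIL FROM (list taken from the post).
my %OUR_HOSTS = map { $_ => 1 } qw(
    127.0.0.1 192.168.34.55 192.168.34.22 62.120.255.179 62.120.255.181
);

# Stand-in so this runs outside mimedefang.pl; drop it inside a real filter file.
sub md_syslog { my ($level, $msg) = @_; print "[$level] $msg\n"; }

# Hypothetical helper: true if $name is mydomain.com or one of its subdomains.
sub is_our_domain {
    my ($name) = @_;
    return ($name =~ /(^|\.)mydomain\.com$/i) ? 1 : 0;
}

sub filter_sender {
    my ($sender, $hostip, $hostname, $helo) = @_;

    # The envelope sender arrives as "<user@domain>"; "<>" (bounces) has no domain.
    my ($sender_domain) = $sender =~ /\@([^>\s]+)>?\s*$/;
    $sender_domain = '' unless defined $sender_domain;

    my $claims_us = is_our_domain($helo) || is_our_domain($sender_domain);
    if ($claims_us && !$OUR_HOSTS{$hostip}) {
        md_syslog('info', "Host $hostip used HELO $helo, sender $sender");
        return (0, "Go away. $hostip is not a mydomain.com machine");
    }
    return (1, "OK");
}

# Constructed cases; the first mirrors the log line quoted in the post.
my $dsl = '0x5731390e.kjnxx10.adsl-dhcp.tele.dk';
my @cases = (
    ['<uucp@mydomain.com>',   '87.49.57.14',   $dsl,                 $dsl],
    ['<uucp@mydomain.com>',   '192.168.34.55', 'mail.mydomain.com',  'mail.mydomain.com'],
    ['<someone@example.org>', '87.49.57.14',   $dsl,                 'mydomain.com'],
    ['<>',                    '87.49.57.14',   $dsl,                 $dsl],
);
for my $c (@cases) {
    my ($ok, $msg) = filter_sender(@$c);
    printf "%-24s from %-14s => %s (%s)\n", $c->[0], $c->[1], $ok ? 'accept' : 'reject', $msg;
}
```

A sender-domain check like this also rejects legitimate mail that uses a mydomain.com address from an unlisted relay (roaming users, forwarding services), so the allow-list has to cover every host that submits such mail.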



