[Mimedefang] Not piggybacking HELO checks
David F. Skoll
dfs at roaringpenguin.com
Tue Jan 10 20:37:30 EST 2006
Philip Prindeville wrote:
> BTW: Are there patches to support calling filter_helo directly, rather
> than bundling it as part of filter_sender?
Not that I'm aware of.
> Here's why: certain sites that don't get a lot of external mail but do
> need to be "open" to the outside all the same (and no email addresses on
> these machines are published in any way to the outside world) have
> open security, i.e. they will answer a "EXPN" or "VRFY".
> But they shouldn't do this if a connection comes in from a site we don't
> trust, and indeed if we see a bogus HELO, I'd like to give a 5xx
> response right then and there.
This seems like pretty weak security to me. Is there a valid reason for
having sites answer to an EXPN or VRFY?
> So... what's involved in getting mimedefang to look at and respond
> to the HELO command directly?
You'd need to rework the C code and come up with a mimedefang <->
multiplexor <-> slave protocol for doing it. It's not too hard, but I
won't do it unless someone submits a clean and ready-to-go patch. I
don't think the effort is really worth it.
Regards,
David.
More information about the MIMEDefang
mailing list