[Mimedefang] Not piggybacking HELO checks

David F. Skoll dfs at roaringpenguin.com
Tue Jan 10 20:37:30 EST 2006


Philip Prindeville wrote:

> BTW:  Are there patches to support calling filter_helo directly, rather
> than bundling it as part of filter_sender?

Not that I'm aware of.

> Here's why:  certain sites that don't get a lot of external mail but do
> need to be "open" to the outside all the same (and no email addresses on
> these machines are published in any way to the outside world) have
> open security, i.e. they will answer an "EXPN" or "VRFY".

> But they shouldn't do this if a connection comes in from a site we don't
> trust, and indeed if we see a bogus HELO, I'd like to give a 5xx
> response right then and there.

This seems like pretty weak security to me.  Is there a valid reason for
having sites answer to an EXPN or VRFY?

> So... what's involved in getting mimedefang to look at and respond
> to the HELO command directly?

You'd need to rework the C code and come up with a mimedefang <->
multiplexor <-> slave protocol for doing it.  It's not too hard, but I
won't do it unless someone submits a clean and ready-to-go patch.  I
don't think the effort is really worth it.

Regards,

David.


