[Mimedefang] Non-routable addresses in HELO

Steffen Kaiser skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Mon Jul 10 03:22:03 EDT 2006


On Sun, 9 Jul 2006, Dirk the Daring wrote:

>    I've noticed some SPAMmers recently starting to HELO using non-routable 
> IP addresses (mostly 10.x.x.x or 192.168.x.x)

See the past threads about this topic; actually only MUAs should use 
private IPs here, but a multi-interface or misconfigured MTA might pick 
the wrong one ...

>    I'm thinking of filtering for this, and I came up with this code (which 
> would be placed AFTER the check for an IP-based HELO in square brackets - so 
> any IP-based HELO missing the brackets has already been rejected).

The HELO argument is not properly defined; EHLO's is.

>    I'd appreciate any feedback anyone would like to offer on this code 
> snippet:
>
>         # Check for a HELO that is a non-routable address and therefore invalid
>         if (($helo =~ /(^|\[)10\.\d{1,3}\.\d{1,3}\.\d{1,3}\]$/i) ||

It makes no sense to optionally allow [ on the left, but enforce ] on the 
right side.
Digits don't have any case at all.

There was a post about rejecting HELO arguments, where IPs are not 
enclosed in brackets (and other malformed stuff), but otherwise HELO 
checks are nonsense.

>    Obviously, if I have sending hosts on my network that really did have 
> non-routable addresses, this would be a possible problem (although the simple 
> solution is for them to not HELO with their IP, but use their hostname). And

The better solution would be:
If you trust them -> exempt them from the check altogether!
(Use the relay address to determine if it _really_ is your trusted host.)

Bye,

-- 
Steffen Kaiser
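
The points raised in this message, put together as an added example that is not part of the original post or of MIMEDefang itself: brackets are required on both sides, no case-insensitive flag is used, and trusted hosts are exempted by their relay address rather than by what they say in HELO. The function names, the trusted-relay list and the 'CONTINUE'/'REJECT' strings are assumptions for illustration, and the check also covers 172.16/12, which the thread does not mention.

```perl
use strict;
use warnings;

# Hypothetical trusted relay addresses (constructed sample values).
my %TRUSTED_RELAY = map { $_ => 1 } qw(192.168.1.25 10.0.0.5);

# Return an array ref of octets if $helo is a bracketed IPv4 literal,
# otherwise nothing. Bare IPs are assumed to be rejected by an earlier check.
sub helo_ipv4_literal {
    my ($helo) = @_;
    return unless $helo =~ /\A\[(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\]\z/;
    my @octets = ($1, $2, $3, $4);
    return if grep { $_ > 255 } @octets;   # e.g. [10.999.1.1] is not an address
    return \@octets;
}

# True if the octets fall in 10/8, 172.16/12 or 192.168/16 (RFC 1918).
sub is_private {
    my ($o) = @_;
    return 1 if $o->[0] == 10;
    return 1 if $o->[0] == 172 && $o->[1] >= 16 && $o->[1] <= 31;
    return 1 if $o->[0] == 192 && $o->[1] == 168;
    return 0;
}

# Decide on a HELO argument given the address the relay connected from.
sub check_helo {
    my ($relay_ip, $helo) = @_;
    # Trust is decided by the relay address, never by the HELO string.
    return 'CONTINUE' if $TRUSTED_RELAY{$relay_ip};
    my $octets = helo_ipv4_literal($helo);
    return 'CONTINUE' unless $octets;      # not an IP literal: out of scope here
    return is_private($octets) ? 'REJECT' : 'CONTINUE';
}

# Constructed sample input: [relay address, HELO argument].
for my $case (['203.0.113.7',  '[10.1.2.3]'],
              ['192.168.1.25', '[192.168.1.25]'],
              ['203.0.113.7',  '[172.20.0.9]'],
              ['203.0.113.7',  'mail.example.org'],
              ['203.0.113.7',  '[198.51.100.4]']) {
    printf "%-14s %-18s %s\n", @$case, check_helo(@$case);
}
```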
