[Mimedefang] Summary of non-routable addresses in HELO

Dirk the Daring dirk at luna.psicorps.org
Mon Jul 10 19:36:57 EDT 2006


On Mon, 10 Jul 2006, mimedefang-request at lists.roaringpenguin.com wrote:

> ------------------------------
> From: Steffen Kaiser <skmimedefang at smail.inf.fh-bonn-rhein-sieg.de>
>
> It makes no sense to optionally allow [ on the left, but enforce ] on the
> right side. Digits don't have any case at all.

    As with the case portion of the RegEx, the flaw with the bracket was 
probably a code typo. Actually, by the point at which the code would 
reside, an IP-based HELO lacking square brackets would have already been 
REJECTed. Therefore, the test needs to allow for the square brackets.

    What would be the proper RegEx?

> The better solution would be:
> If you trust them -> exempt them from the check at all!

    That's a bit of a digression. Yes, the first checks I perform are to 
see if the relay address is one of my own hosts, and if it is, I cease 
further checking. But that wasn't what I was asking about.

> ------------------------------
> From: Kayne Kruse <kkruse at pointone.com>
>
> If you're seeing drive-by spammers, I honestly would be looking at
> implementing greylisting instead.  Most of my spam experience has shown
> that a vast majority is coming from IP addresses that do not get used
> that often.

    I agree that a lot of SPAM is sent courtesy of 'botted Windoze boxes 
and that the same IP rarely gets used twice. Which leads me to politely 
disagree about greylisting.

    I'm not saying that greylisting has no value or should never be used. 
But my personal anti-SPAM philosophy is to reject SPAM as early and often 
as possible. The sooner I identify a connection as obviously bogus, the 
sooner I can drop it, and the less of my resources (bandwidth, CPU, disk, 
etc.) the spammer gets to waste.

    Greylisting means I have to have the code to implement it (CPU, RAM) 
and the back-end database to maintain the greylisting info (disk, CPU). If 
a spammer HELOs with an IP address that is obviously bogus, why waste my 
resources greylisting it? Drop the idiot and be done with it.

> ------------------------------
> From: Jim McCullars <jim at info.uah.edu>
>
>   I just reject when someone sends an IP address as a HELO, and it is not
> their actual IP address.  In filter_sender():
>
>  if ($helo =~ /^\d+\.\d+\.\d+\.\d+$/) {  # looks like an IP
>    if ($helo ne $ip) {
>      return('REJECT', "IP address $ip doesn't match helo string $helo");
>    }
>  }

    Thanks, Jim! That's exactly the sort of thing I was looking for. I'm 
going to work on implementing that!

Dirk
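
The check discussed in this thread, as an added example that is not part of the original post or of MIMEDefang itself: it goes beyond the quoted snippet by accepting the HELO literal with or without square brackets (requiring them to be paired) and by labelling non-routable addresses in the rejection reason. The helper name `check_helo_ip` is hypothetical and the sample addresses are constructed from documentation ranges.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper, not part of MIMEDefang. Returns a rejection reason
# when the HELO is an IPv4 literal that does not belong to the relay, or
# undef when this check has no objection.
sub check_helo_ip {
    my ($helo, $relay_ip) = @_;

    # Match "[1.2.3.4]" or "1.2.3.4"; anything else is not an IP literal
    # and is left to other checks.
    my ($open, $addr, $close) =
        $helo =~ /\A(\[?)(\d{1,3}(?:\.\d{1,3}){3})(\]?)\z/
        or return;

    # Brackets must be paired: both present or both absent.
    return "unbalanced brackets in HELO $helo" if $open xor $close;

    my @octets = map { $_ + 0 } split /\./, $addr;   # "010" -> 10
    return "malformed IP literal in HELO $helo" if grep { $_ > 255 } @octets;

    # A HELO naming the relay's own address is fine.
    return if join('.', @octets) eq $relay_ip;

    # Otherwise reject; say so when the claimed address is non-routable.
    my ($o1, $o2) = @octets;
    my $non_routable = $o1 == 0 || $o1 == 10 || $o1 == 127
        || ($o1 == 172 && $o2 >= 16 && $o2 <= 31)
        || ($o1 == 192 && $o2 == 168)
        || ($o1 == 169 && $o2 == 254);
    return $non_routable
        ? "HELO $helo is a non-routable address, relay is $relay_ip"
        : "IP address $relay_ip doesn't match helo string $helo";
}

# In filter_sender() this would be used roughly as:
#   my $why = check_helo_ip($helo, $ip);
#   return ('REJECT', $why) if defined $why;

# Constructed sample inputs (documentation address ranges), not real traffic.
for my $case (['[192.0.2.10]', '192.0.2.10'], ['[10.0.0.5]', '198.51.100.7'],
              ['203.0.113.9]', '203.0.113.9'], ['mail.example.org', '192.0.2.10']) {
    my $why = check_helo_ip(@$case);
    printf "%-18s from %-13s => %s\n", @$case, $why // 'no objection';
}
```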


