[Mimedefang] RegEx for HELO evaluation

Dirk the Daring dirk at psicorps.org
Sat Jul 22 20:12:27 EDT 2006


 	Since MIMEDefang v2.57 would require some minor filter code mods 
anyway, I'm looking at re-writing my mimedefang-filter file to take 
advantage of some features I've not used before. Along with that, I'd 
taking a fresh look at some of the things I already do, such as filtering 
based on HELO, and incorporating some ideas I've seen on this list.

 	I'm thinking of using this RegEx to sort HELO into "IP address, 
with or without square brackets" or "everything else":

 	 /^(\[?)(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(\]?)$/

 	As I understand that, a matching string will be broken up into $1, 
$2 and $3, while a non-matching string won't be broken up.

 	Here's the program logic I'm considering in filter_helo:

 	if ( $helo =~  /^(\[?)(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(\]?)$/ )
 		{
 		# HELO was an IP
 		if ( $2 eq $helo )
 			{
 			# HELO was not surrounded by square brackets
 			return('REJECT', "INVALID HELO - missing square brackets");
 			}
 		if ( $2 ne $hostip )
 			{
 			# IP HELO doesn't match actual IP
 			return('REJECT', "FRAUDULENT HELO - $helo is not $hostip");
 			}
 		# Other HELO validity checks
 		}
 	else
 		{
 		# HELO was not an IP
 		# Various HELO validity checks
 		}

 	If anyone would like to offer feedback on these ideas, I'd 
appreciate it.

Dirk



More information about the MIMEDefang mailing list