[Mimedefang] RegEx for HELO evaluation
Dirk the Daring
dirk at psicorps.org
Sat Jul 22 20:12:27 EDT 2006
Since MIMEDefang v2.57 would require some minor filter code mods
anyway, I'm looking at re-writing my mimedefang-filter file to take
advantage of some features I've not used before. Along with that, I'd
taking a fresh look at some of the things I already do, such as filtering
based on HELO, and incorporating some ideas I've seen on this list.
I'm thinking of using this RegEx to sort HELO into "IP address,
with or without square brackets" or "everything else":
/^(\[?)(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(\]?)$/
As I understand that, a matching string will be broken up into $1,
$2 and $3, while a non-matching string won't be broken up.
Here's the program logic I'm considering in filter_helo:
if ( $helo =~ /^(\[?)(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(\]?)$/ )
{
# HELO was an IP
if ( $2 eq $helo )
{
# HELO was not surrounded by square brackets
return('REJECT', "INVALID HELO - missing square brackets");
}
if ( $2 ne $hostip )
{
# IP HELO doesn't match actual IP
return('REJECT', "FRAUDULENT HELO - $helo is not $hostip");
}
# Other HELO validity checks
}
else
{
# HELO was not an IP
# Various HELO validity checks
}
If anyone would like to offer feedback on these ideas, I'd
appreciate it.
Dirk
More information about the MIMEDefang
mailing list