[Mimedefang] Noting "may be forged" and IP-only HELO in filter_end

[John Rudd]

For the IP-only HELO, or for HELO addresses you don't like, why not 
reject it during filter_helo?  That's when I do it (though, I don't 
think I'm doing it for IP-only HELO's, I'm just doing it for obviously 
stupid HELO's, like ones that claim to be from my own domain when the 
IP addr isn't in my block, or from localhost when it's not localhost).


On Mar 11, 2006, at 7:23 AM, Dirk the Daring wrote:

>    As I understand it, different MIMEDefang instances (slaves) may
> handle a given E-Mail as it progresses from "early" functions (e.g.
> filter_helo, filter_sender, filter_recipient) to the "later" functions
> (e.g. filter_begin, filter, filter_multipart, filter_end) that are all
> handed by one instance,
>
>    I'm wondering if anyone has a low-cost mthods of passing the fact
> that a particular incoming E-Mail had an IP-only HELO (I flatly REJECT
> any HELO that is not an FQDN or that's otherwise obviously bogus - such
> as my own IP address or Domain Name), or detecting that sendmail thinks
> the HELO might be forged (as it notes in the "Received: from" header).
> I'd like to use the information in filter_end, but I don't have the 
> HELO
> string (which I analyzed back in "filter_recipient" and would prefer 
> not
> to "pay" to extract from the headers and analyze again) and I'm not 
> sure
> how to detect the "may be forged" indication from sendmail, since I
> don't think that header is available in filter_end.
> _______________________________________________
> NOTE: If there is a disclaimer or other legal boilerplate in the above
> message, it is NULL AND VOID.  You may ignore it.
>
> Visit http://www.mimedefang.org and http://www.roaringpenguin.com
> MIMEDefang mailing list MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang