[Mimedefang] sendmail and filter_helo interaction
John Rudd
john at rudd.cc
Fri Nov 10 01:11:37 EST 2006
Dirk the Daring wrote:
>
>
> # Check #4
> # If the HELO is an FQDN, the index and rindex of "." will not be the same
> # This catches the spammer using domain.tld (which will slip
> # by Check #2)
> if ( index($helo, ".") == rindex($helo, ".") )
> {
>     # Reject connection - invalid HELO
>     md_syslog('alert', "Non-FQDN HELO $helo by Host $hostip");
>     return('REJECT', "INVALID HELO/EHLO: $helo is not FQDN");
> }
>
>
> As I wrote previously, my entire filter is heavily logged. My
> analysis of those logs indicates that only about 50% of foreign
> mailhosts connecting to my network get past HELO. Based on the
> I-think-reasonable assumption that no "legitimate" mail server would be
> tripped up by GREETPAUSE, RATECONTROL, CONNCONTROL or the tests I have
> in filter_helo, my conclusion is that those 50% are spammers, and I'm
> effectively stopping them by the end of HELO.
>
Given that I don't think check #4 is valid, I'm not sure I believe your
claim. For one, depending on the configuration I'm using, you might end
up rejecting my email, because my mail server's hostname is the
registered domain name (rudd.cc) ... and I'm not a spammer.
(I don't recall any prohibition on a host's name being just its
registered domain, domain.tld)
I'm also curious why you're using a lot of index/rindex calls instead of
regular expressions (I'm not enough of an expert to know if one is
honestly faster than the other). For the above one, why not:
$helo =~ /^[^\.]+\.[^\.]+$/
(from the start of the string, one or more non-dots, followed by 1 dot,
followed by one or more non-dots, and then the end of the string; you
can only match this expression if you have exactly 1 dot in the string)
Or,
(($helo =~ /\./) && ($helo !~ /\..+\./))
(contains at least one dot, AND does not contain: a dot, at least any
one other character, and then another dot, anywhere in the string;
again, you can only match these two expressions if you have exactly one
dot in the string)
$helo =~ /\./
also works for your "index of . isn't -1" check.
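
An added example, not part of either poster's message or of Dirk's filter: a stand-alone Perl script that runs check #4 and the two regex alternatives from this thread over constructed HELO values, so the cases where they agree and differ can be seen side by side. The sample hostnames and the tr/// dot count are assumptions added for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example: compare the single-dot tests discussed in this thread.
# Every HELO value below is a constructed sample.

# Check #4 as posted: true when the first and last "." are at the same
# position. Also true when there is no dot, since both calls return -1.
sub check4_index  { my ($h) = @_; return index($h, ".") == rindex($h, ".") ? 1 : 0 }

# First suggested regex: one dot with one or more non-dots on each side.
sub one_dot_regex { my ($h) = @_; return $h =~ /^[^\.]+\.[^\.]+$/ ? 1 : 0 }

# Second suggestion: contains a dot AND does not contain dot, chars, dot.
sub two_regexes   { my ($h) = @_; return (($h =~ /\./) && ($h !~ /\..+\./)) ? 1 : 0 }

# Assumption, not from the thread: count the dots directly with tr///.
sub dot_count     { my ($h) = @_; return ($h =~ tr/.//) }

my @samples = (
    'localhost',          # no dot
    'rudd.cc',            # registered domain used as hostname
    'mail.example.com',   # host.domain.tld
    'a..b',               # adjacent dots
    '.com',               # leading dot
    '[192.0.2.1]',        # address literal
);

printf "%-18s %6s %6s %6s %5s\n", 'HELO', 'check4', 'regex1', 'regex2', 'dots';
for my $helo (@samples) {
    printf "%-18s %6d %6d %6d %5d\n", $helo,
        check4_index($helo), one_dot_regex($helo),
        two_regexes($helo), dot_count($helo);
}
```

A 1 in a column means that test fires for the HELO value; the three tests agree on rudd.cc and mail.example.com and diverge on the samples with no dot, a leading dot, or adjacent dots.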