[Mimedefang] Anyone seen LOTS of "HELO" IPs lacking brackets today?

Cormack, Ken ken.cormack at roadway.com
Fri Nov 10 16:12:40 EST 2006


Hello, list.

Just today, we've seen a LARGE number of customers with whom we email
regularly, all of a sudden begin getting rejected by us, for our MIMEDefang
rule that inspects any IP address passed in the HELO/EHLO, to ensure it has
square-brackets.

Here's the rule we've been using (which we have in sub filter_sender)...

    # reject email with a numeric HELO string if it lacks
    # surrounding square brackets:
    if ($helo =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/) {
        if (whitelist_ip($ip)) {
            md_syslog('info', "$QueueID: helo_ip_lacks_brackets_exempt: Host $ip ($name) said \"HELO $helo\"");
        } else {
            md_syslog('info', "$QueueID: helo_ip_lacks_brackets: Host $ip ($name) said \"HELO $helo\"");
    #       return ('REJECT', "Literal IP address in SMTP HELO lacks required brackets - $helo");
        }
    }


As you can see, I have turned off the actual rejection, since this caused
LOTS of problems just beginning today!  I'm still logging the info, so that
come next week I can see what correlation there might be between the IP
addresses that get logged, and if there's a common SMTP package they all run
(that might have been auto-updated last night), or whatever, that might
reveal why dozens of our regular customers all suddenly today were rejected
for a rule that has been in place for a long time.

Am I the only one A) doing this type of test, or B) seeing this sudden
problem?  I normally see ~200 to ~300 rejections per day from this rule.
Today, the log of my primary server alone contains several thousands of
hits.

Ken
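
One way to run the correlation described above over the logged lines, as an added example that is not part of the original post. It is written in Python rather than in the filter's Perl; the syslog prefix, the sample lines and the names `classify` and `summarize` are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Message body as written by the two md_syslog calls in the rule above.
LINE_RE = re.compile(
    r'(?P<qid>\S+): helo_ip_lacks_brackets(?P<exempt>_exempt)?: '
    r'Host (?P<ip>\S+) \((?P<name>[^)]*)\) said "HELO (?P<helo>[^"]*)"')
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample; the syslog prefix (date, host, pid) is an assumption.
SAMPLE_LOG = """\
Nov  9 08:01:11 mx1 mimedefang.pl[2101]: kA9D1AAA000001: helo_ip_lacks_brackets: Host 192.0.2.10 (mail.example.com) said "HELO 192.0.2.10"
Nov 10 09:15:02 mx1 mimedefang.pl[2101]: kAAEF2AA000002: helo_ip_lacks_brackets: Host 192.0.2.10 (mail.example.com) said "HELO 192.0.2.10"
Nov 10 09:15:40 mx1 mimedefang.pl[2101]: kAAEF2AA000003: helo_ip_lacks_brackets: Host 198.51.100.7 (gw.example.net) said "HELO 10.1.2.3"
Nov 10 09:16:05 mx1 mimedefang.pl[2101]: kAAEG0AA000004: helo_ip_lacks_brackets_exempt: Host 203.0.113.5 (relay.example.org) said "HELO 203.0.113.5"
Nov 10 09:17:30 mx1 sendmail[2200]: kAAEH1AA000005: from=<a@example.com>, size=1024
Nov 10 09:18:12 mx1 mimedefang.pl[2101]: kAAEI2AA000006: helo_ip_lacks_brackets: Host 198.51.100.7 (gw.example.net) said "HELO 10.1.2.3"
"""

def classify(ip, helo):
    """Relate the bare HELO literal to the connecting address."""
    if helo == ip:
        return "helo_is_peer_ip"
    try:
        addr = ipaddress.ip_address(helo)
    except ValueError:  # the rule's \d{1,3} pattern also accepts 999.1.1.1
        return "helo_not_valid_ip"
    if any(addr in net for net in RFC1918):
        return "helo_is_private_ip"  # likely a NAT'd host announcing itself
    return "helo_is_other_ip"

def summarize(lines):
    """Count hits per day, per HELO class and per connecting host."""
    per_day, per_class, per_host = Counter(), Counter(), Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated syslog line
        per_day[" ".join(line.split()[:2])] += 1
        per_class[classify(m["ip"], m["helo"])] += 1
        per_host[(m["ip"], m["name"], bool(m["exempt"]))] += 1
    return per_day, per_class, per_host

if __name__ == "__main__":
    days, classes, hosts = summarize(SAMPLE_LOG.splitlines())
    print(dict(days), dict(classes))
    for (ip, name, exempt), n in hosts.most_common():
        print(n, ip, name, "whitelisted" if exempt else "")
```

A jump in the per-day count that is spread across many hosts with the same HELO class points at a common sender-side change rather than a single misconfigured peer.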



