[Mimedefang] Revisit: Filtering on HELO
Jeff Rife
mimedefang at nabs.net
Wed Mar 21 18:26:35 EDT 2007
On 16 Mar 2007 at 11:44, Kevin A. McGrail wrote:
> We check for localhost or 127.0.0.1
> We check for our name.
> We check for our IP address with/without ['s
> We check for helo of friend
> We check for helo where length < 3 or doesn't have dots.
I don't explictly test for "friend" or short text because that's pretty
much covered by the "no dots" test.
I also don't check for "127.0.0.1" because I have *never* seen this as
an address literal (i.e., "[127.0.0.1]"). As a bare IP, it would be
rejected anyway.
I do check for any claim of being a host in one of the domains that I
am 100% responsible for but not being from an IP that I also control.
===================================================================
# Declare my own variables
my %nabs;
$nabs{'Domains'} = '(\.|^)(localhost|localdomain|nabs\.net|other\domain\.com)$';
$nabs{'PublicIPs'} = '^\[?71\.246\.216\.1(0[6-9]|10)\]?$';
# helper function for checking IPs
sub is_trusted_ip
{
my ($ip) = @_;
return 1 if ($ip =~ /^(127\.|$nabs{'TrustedNetworks'})/);
}
# the meat
sub filter_helo
{
my ($ip, $hostname, $helo) = @_;
my @retval = ('CONTINUE', "OK");
unless (is_trusted_ip($ip))
{
md_syslog('info', "md_info (f_helo): $ip; $hostname; $helo");
if ($helo !~ /\./)
{
@retval = ('REJECT', "Bad HELO: ($helo) is not fully qualified domain name");
}
elsif ($helo =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/)
{
@retval = ('REJECT', "Bad HELO: IP address ($helo) is not legal HELO");
}
elsif (($helo =~ /($nabs{'Domains'}|$nabs{'PublicIPs'})/i) and ($ip !~ /$nabs{'PublicIPs'}/))
{
# pretending to be us
@retval = ('REJECT', "Bad HELO: $hostname [$ip] is not $helo");
}
}
if ($retval[0] eq 'REJECT')
{
DB_helo $ip;
}
return @retval;
}
===================================================================
--
Jeff Rife | Sam: Hey, how's life treating you there, Norm?
|
| Norm: Beats me...then it kicks me and leaves me
| for dead.
More information about the MIMEDefang
mailing list