[Mimedefang] Revisit: Filtering on HELO

Jeff Rife mimedefang at nabs.net
Wed Mar 21 18:26:35 EDT 2007

On 16 Mar 2007 at 11:44, Kevin A. McGrail wrote:

> We check for localhost or
> We check for our name.
> We check for our IP address with/without ['s
> We check for helo of friend
> We check for helo where length < 3 or doesn't have dots.

I don't explictly test for "friend" or short text because that's pretty 
much covered by the "no dots" test.

I also don't check for "" because I have *never* seen this as 
an address literal (i.e., "[]").  As a bare IP, it would be 
rejected anyway.

I do check for any claim of being a host in one of the domains that I 
am 100% responsible for but not being from an IP that I also control.

# Declare my own variables
my %nabs;
$nabs{'Domains'} = '(\.|^)(localhost|localdomain|nabs\.net|other\domain\.com)$';
$nabs{'PublicIPs'} = '^\[?71\.246\.216\.1(0[6-9]|10)\]?$';

# helper function for checking IPs
sub is_trusted_ip
my ($ip) = @_;

return 1 if ($ip =~ /^(127\.|$nabs{'TrustedNetworks'})/);

# the meat
sub filter_helo
my ($ip, $hostname, $helo) = @_;
my @retval = ('CONTINUE', "OK");

unless (is_trusted_ip($ip))
  md_syslog('info', "md_info (f_helo): $ip; $hostname; $helo");

  if ($helo !~ /\./)
    @retval = ('REJECT', "Bad HELO: ($helo) is not fully qualified domain name");
  elsif ($helo =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/)
   @retval = ('REJECT', "Bad HELO: IP address ($helo) is not legal HELO");
  elsif (($helo =~ /($nabs{'Domains'}|$nabs{'PublicIPs'})/i) and ($ip !~ /$nabs{'PublicIPs'}/))
		# pretending to be us
    @retval = ('REJECT', "Bad HELO: $hostname [$ip] is not $helo");

if ($retval[0] eq 'REJECT')
  DB_helo $ip;

return @retval;


Jeff Rife |  Sam: Hey, how's life treating you there, Norm? 
          | Norm: Beats me...then it kicks me and leaves me 
          |       for dead. 

More information about the MIMEDefang mailing list