[Mimedefang] Re: New X-AntiAbuse way for spammer

Pierre Forget pierre at pierreforget.com
Wed May 21 20:24:45 EDT 2008


     I installed a filter_sender in mimedefang-filter (just need to see
     first, who sends without a FQDN):
     sub filter_sender ()
     {
     my($sender, $hostip, $hostname, $helo) =3D @_;
     # Check for a HELO that does not contain a ".", and therefore is not
     an FQDN as required
     # by RFC 2821; or is is blank
     if ( index($helo, '.') =3D=3D -1 )
     {
     md_syslog('alert',"$MsgID [FS1] Invalid non-FQDN HELO $helo by  
Host $hostip"=
     );
     return('CONTINUE', "OK");
     }
     }
     Also, I installed the line:
     MX_SENDER_CHECK=3Dyes
     in the Mimedefang control script.

     I get a lot of logs indicating many HELO without a FQDN. But I get
     many valid email blocked, including mine (from another server
     techno24.net) and with ? as a reason for blocking. Here are the  
blocking logs:

     May 20 21:21:41 coldfoot mimedefang.pl[10643]: filter_sender rejected
     sender <pierre at techno24.net>
     May 20 21:21:41 coldfoot sendmail[11518]: m4L1Lfjm011518: Milter:
     from=3D<pierre at techno24.net>, reject=3D554 5.7.1 ?
     May 20 21:21:41 coldfoot sendmail[11518]: m4L1Lfjm011518:
     from=3D<pierre at techno24.net>, size=3D1496, class=3D0, nrcpts=3D0,  
proto=3DES=
     MTP, =20
     daemon=3DMTA, relay=3Dns2.techno24.net [209.44.107.222]

     I thought activating the SENDER_CHECK was activating only the code in =20
     the filter_sender sub? Or am I doing something wrong?

     Thanks for the help,

     Pierre Forget

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.





More information about the MIMEDefang mailing list