[Mimedefang] Re: New X-AntiAbuse way for spammer
Pierre Forget
pierre at pierreforget.com
Wed May 21 20:24:45 EDT 2008
I installed a filter_sender in mimedefang-filter (just need to see
first, who sends without a FQDN):
sub filter_sender ()
{
my($sender, $hostip, $hostname, $helo) =3D @_;
# Check for a HELO that does not contain a ".", and therefore is not
an FQDN as required
# by RFC 2821; or is is blank
if ( index($helo, '.') =3D=3D -1 )
{
md_syslog('alert',"$MsgID [FS1] Invalid non-FQDN HELO $helo by
Host $hostip"=
);
return('CONTINUE', "OK");
}
}
Also, I installed the line:
MX_SENDER_CHECK=3Dyes
in the Mimedefang control script.
I get a lot of logs indicating many HELO without a FQDN. But I get
many valid email blocked, including mine (from another server
techno24.net) and with ? as a reason for blocking. Here are the
blocking logs:
May 20 21:21:41 coldfoot mimedefang.pl[10643]: filter_sender rejected
sender <pierre at techno24.net>
May 20 21:21:41 coldfoot sendmail[11518]: m4L1Lfjm011518: Milter:
from=3D<pierre at techno24.net>, reject=3D554 5.7.1 ?
May 20 21:21:41 coldfoot sendmail[11518]: m4L1Lfjm011518:
from=3D<pierre at techno24.net>, size=3D1496, class=3D0, nrcpts=3D0,
proto=3DES=
MTP, =20
daemon=3DMTA, relay=3Dns2.techno24.net [209.44.107.222]
I thought activating the SENDER_CHECK was activating only the code in =20
the filter_sender sub? Or am I doing something wrong?
Thanks for the help,
Pierre Forget
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
More information about the MIMEDefang
mailing list