[Mimedefang] Re: New X-AntiAbuse way for spammer
Dave O'Neill
dmo at roaringpenguin.com
Thu May 22 10:26:32 EDT 2008
On Wed, May 21, 2008 at 08:24:45PM -0400, Pierre Forget wrote:
> I get a lot of logs indicating many HELO without a FQDN. But I get
> many valid email blocked, including mine (from another server
> techno24.net) and with ? as a reason for blocking. Here are the
> blocking logs:
Your problem is that filter_sender isn't always returning an appropriate
result. You have (reformatted for clarity):
> sub filter_sender ()
> {
> my ($sender, $hostip, $hostname, $helo) = @_;
>
> # Check for a HELO that does not contain a ".", and therefore is not
> # an FQDN as required by RFC 2821; or is is blank
> if(index($helo, '.') == -1) {
> md_syslog('alert', "$MsgID [FS1] Invalid non-FQDN HELO $helo by Host $hostip");
> return ('CONTINUE', "OK");
> }
> }
Note that if helo doesn't contain a . you return continue/OK, but if it
_does_ contain a dot, you just fall off the end of the subroutine.
That's bad -- it means the caller gets undef.
What you probably want to do is return ('CONTINUE', 'OK') after the if
block, rather than inside it.
Cheers,
Dave
--
Dave O'Neill <dmo at roaringpenguin.com> Roaring Penguin Software Inc.
+1 (613) 231-6599 http://www.roaringpenguin.com/
For CanIt technical support, please mail: support at roaringpenguin.com
More information about the MIMEDefang
mailing list