[Mimedefang] Problem with backscatter
Jakub Wasielewski
jakub at wasielewski.info
Tue Mar 23 16:44:22 EDT 2010
2010/3/23 David F. Skoll <dfs at roaringpenguin.com>:
> Jakub Wasielewski wrote:
>
> sub filter_recipient {
>     my ($recipient, $sender, $ip, $hostname, $first, $helo, $rcpt_mailer,
>         $rcpt_host, $rcpt_addr) = @_;
>
>     return('CONTINUE', "ok") if ($ip eq "127.0.0.1");
>
>     read_commands_file();
>     if ($ip eq '127.0.0.1') {
>         return ('CONTINUE', "ok");
>     } elsif ($recipient =~ /\@example\.pl/i) {
>         return ('CONTINUE', "ok");
>     } elsif ($recipient =~ /\@example2\.pl/i or $recipient =~ /\@example3\.pl/i or
>              $recipient =~ /\@example4\.pl/i or $recipient =~ /\@example5\.pl/i or
>              $recipient =~ /\@example6\.pl/i) {
>         my ($result, $msg) = md_check_against_smtp_server($sender,
>             $recipient, "smtp1.example.pl", "smtp2.example.pl");
>         md_syslog('info', "Recipient check: $result - $msg");
>         return ($result, $msg);
>     }
>
>     return ('CONTINUE', "ok");
> }
>
> The second check for 127.0.0.1 is redundant. Also, you are only
> validating recipients in some domains, not all domains.
True, true. Second check is stupid.
I'm validating all domains that are not local and for which this
server is a backup MX.
> You've sanitized your filter. We can't help if you do that. We need
> to see an un-edited version of filter_sender complete with the actual
> email addresses that are causing DSNs. Changing real domains to "exampleN"
> means you're hiding useful information.
The addresses are:
valid recipient: proboszcz at parafia-sw-stefana.pl
nonexistent recipient: proboszczd at parafia-sw-stefana.pl
OK, here come the filters:
sub filter_sender {
    my($sender, $ip, $hostname, $helo) = @_;
    return('CONTINUE', "ok") if ($ip eq "127.0.0.1");
    md_syslog('info', " == SENDER == :: $sender");

    # check whether the host is impersonating my servers
    # (the dot before "opoka" is escaped so that only opoka.org.pl and its
    # subdomains match)
    if ($helo =~ /(^|\.)opoka\.org\.pl$/i) {
        if ($ip ne "212.2.120.8" and $ip ne "212.2.120.9" and $ip ne "212.2.120.10" and
            $ip ne "212.2.120.11" and $ip ne "212.2.120.12" and $ip ne "212.2.120.13" and
            $ip ne "212.2.120.14" and $ip ne "212.2.120.15" and $ip ne "212.2.120.18" and
            $ip ne "212.160.91.130" and $ip ne "83.13.16.178") {
            md_syslog('info', "Host $ip sent fake HELO : $helo");
            return('REJECT', "Go away. $ip is not a opoka.org.pl machine");
        }
    }

    # obvious fake: IP in HELO != IP of the host
    # (\d and \. are escaped so that the pattern matches a bare dotted-quad HELO)
    if (($helo =~ /^(\d{1,3})(\.)(\d{1,3})(\.)(\d{1,3})(\.)(\d{1,3})$/) && ($ip ne $helo)) {
        return('REJECT', "Header forgery attempt, $ip claims to be $helo");
    }

    read_commands_file();

    # if ($sender eq "<>") {
    #     return ('REJECT', 'Message rejected. Administrative messages not accepted.');
    # }

    # SPF if not authenticated
    if ($SendmailMacros{auth_authen} eq "") {
        my ($result, $smtp_comment, $header_comment) = check_spf(ip => $ip,
            sender => $sender, helo => $helo);
        if ($result eq 'fail') {
            return ('REJECT', 'Message rejected. ' . $smtp_comment);
        }
    } else {
        if ($sender eq "<>") {
            return ('REJECT', 'Message rejected. Authorized users should not send administrative messages.');
        }
    }

    return('CONTINUE', "ok");
}

sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo, $rcpt_mailer,
        $rcpt_host, $rcpt_addr) = @_;
    return('CONTINUE', "ok") if ($ip eq "127.0.0.1");

    read_commands_file();

    if ($recipient =~ /\@paulus\.opoka\.org\.pl/i) {
        return ('CONTINUE', "ok");
    } elsif ($recipient =~ /\@kuria\.katowice\.pl/i or $recipient =~ /\@kuria\.lomza\.pl/i or
             $recipient =~ /\@parafia-sw-stefana\.pl/i or
             $recipient =~ /\@parafia-swwojciech\.krakow\.pl/i or
             $recipient =~ /\@sw-rodzina\.krakow\.pl/i) {
        my ($result, $msg) = md_check_against_smtp_server($sender,
            $recipient, "paulus.opoka.org.pl", "petrus.opoka.org.pl");
        md_syslog('info', "Recipient check: $result - $msg");
        return ($result, $msg);
    }

    return ('CONTINUE', "ok");
}
Cheers,
--
Jakub Wasielewski