Yes (DoIPinHelo) should not block directly - this will be fixed.
Thomas
From: Michael Thomas <m...@mathbox.com>
To: ASSP development mailing list <assp-test@lists.sourceforge.net>
Date: 26.03.2012 00:27
Subject: [Assp-test] IPinHeloOK
Thomas,
ASSP version 2.1.2(12077)
I have "Do Score Suspicious Helos (DoIPinHelo)" set to "score".
If an incoming message triggers &IPinHeloOK($fh) in getheader(), the
code flow exits getheader(), but should not. Because the code flow
exits, the code does not perform any other checks and messages that
should have failed for their total score do not because they only scored
IPinHelo.
In particular, I looked for this because I had a spammer that always set
the helo to the IP address of the target SMTP. IPinHelo always triggered,
but with those IPs in invalidHelo.txt, invalidHeloOK never triggered.
I did block the spammer with a regex in bombheaderre.txt. But I wanted
to let you know about this because it affects several checks.
If I have screwed up the Perl syntax below, I apologize, but hopefully
you get the idea. There are 36 instances of that sequence in the code. I
checked only the next couple of instances. It appeared that the logic
would apply to the next two (ForgedHeloOK and BlackDomainOK) as well,
because they can block or score.
Current Code
======================
if (&MsgScoreTooHigh($fh,$done)) {$this->{skipnotspam} = 0;return;}
if ($this->{cipdone} && $this->{ciphelo} && $this->{cip} && !$this->{nohelo}) {
    if (! &IPinHeloOK($fh)) {
        if ($this->{error}) {$this->{skipnotspam} = 0;return;}
    }
}
if (&MsgScoreTooHigh($fh,$done)) {$this->{skipnotspam} = 0;return;}
======================
Suggested Code
======================
if (&MsgScoreTooHigh($fh,$done)) {$this->{skipnotspam} = 0;return;}
if ($this->{cipdone} && $this->{ciphelo} && $this->{cip} && !$this->{nohelo}) {
    &IPinHeloOK($fh);
}
if (&MsgScoreTooHigh($fh,$done)) {$this->{skipnotspam} = 0;return;}
======================
or
======================
if (&MsgScoreTooHigh($fh,$done)) {$this->{skipnotspam} = 0;return;}
if ($this->{cipdone} && $this->{ciphelo} && $this->{cip} && !$this->{nohelo}) {
    if (! &IPinHeloOK($fh)) {
        if ($this->{error} && &MsgScoreTooHigh($fh,$done)) {$this->{skipnotspam} = 0;return;}
    }
}
======================
--
Michael Thomas
Mathbox
978-687-3300
Toll Free: 1-877-MATHBOX (1-877-628-4269)
------------------------------------------------------------------------------
This SF email is sponsored by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
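The effect described in the message above, as an added Perl sketch that is not part of the thread and is not ASSP code: two score-mode checks are run once with the early exit and once to completion. The check table, the scores, the limit and the sample HELO are constructed assumptions, and the flow is a simplified model of getheader().

```perl
#!/usr/bin/perl
# Added illustration, not ASSP code: check names, scores and the limit are constructed.
use strict;
use warnings;

my $LIMIT = 50;    # assumed total score at which a message is rejected

# Each check: name, mode ('score' or 'block'), score added on failure, test.
my @checks = (
    { name => 'IPinHelo',    mode => 'score', score => 25,
      failed => sub { $_[0]{helo} =~ /^\[?\d{1,3}(?:\.\d{1,3}){3}\]?$/ } },
    { name => 'invalidHelo', mode => 'score', score => 30,
      failed => sub { $_[1]{ $_[0]{helo} } } },
);

# $stop_on_any_failure = 1 models the reported flow: the first failed check
# ends processing even in score mode. 0 models the suggested flow.
sub run_checks {
    my ($msg, $invalid_helos, $stop_on_any_failure) = @_;
    my ($total, @hits) = (0);
    for my $c (@checks) {
        next unless $c->{failed}->($msg, $invalid_helos);
        push @hits, $c->{name};
        return ('blocked', $total, @hits) if $c->{mode} eq 'block';
        $total += $c->{score};
        return ('rejected', $total, @hits) if $total >= $LIMIT;
        last if $stop_on_any_failure;
    }
    return ('accepted', $total, @hits);
}

# Constructed sample: the HELO is the receiving server's own address,
# which is also listed as an invalid HELO.
my $msg     = { helo => '192.0.2.10' };
my %invalid = ('192.0.2.10' => 1);

for my $early (1, 0) {
    my ($verdict, $total, @hits) = run_checks($msg, \%invalid, $early);
    printf "%-14s verdict=%-8s score=%2d checks=%s\n",
        ($early ? 'early exit:' : 'all checks:'), $verdict, $total, join(',', @hits);
}
```

With the early exit the message is accepted on the IPinHelo score alone; run to completion, the invalidHelo score is added and the total crosses the limit.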