On Wednesday 16 June 2004 22:42, Sam Varshavchik wrote:
> James Graves writes:
> > Well, at any rate, we've got problems with sites like hotmail.com.
> >
> > So we've got a couple possible solutions:
> >
> > 1. Create a new version of BOFHCHECKHELO that is even looser than the
> > current version. This one would also accept mail from smtp.foobar.com
> > if the SMTP HELO command was 'HELO foobar.com'. There are other
>
> I'm open to discussion on this topic.

These are the rules I am considering implementing:

Whitelist the connecting IP if

(1) the reverse DNS on the connecting IP resolves to a host name that shares the last N parts with the EHLO/HELO hostname,

OR

(2) the last N parts of the EHLO/HELO host name resolve to the connecting IP.

I haven't settled on the value for N. Bill Taroli shared an example with me where N=3; that is, ci.milpitas.ca.gov. Maybe N is a function of the total name parts; for example, for each rule, check total_parts - 1, then total_parts - 2, then stop. For rule (1) that gives a total of four checks, since you are comparing two host names.

I also would suggest a config param BOFHSOFTFAIL. If equal to 1, then courier returns a 417 for invalid EHLO/BOFH hostnames. This way, if the heuristics above produce false positives, as an admin you have some time to manually whitelist without losing the email.

Regards,
Mark

_______________________________________________
courier-users mailing list
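
The two rules proposed in the message above, written out as an added example (not part of the original post and not Courier code). It assumes one reading of "total_parts - 1, then total_parts - 2", a hypothetical `min_n` floor on N, and constructed DNS data supplied through the hypothetical `sample_ptr` and `sample_a` lookups.

```python
# Added illustration of the two proposed whitelist rules; not Courier code.
# DNS lookups are injected as callables so the logic runs offline.

def labels(host):
    return host.rstrip(".").lower().split(".")

def candidate_ns(total, min_n):
    # "check total_parts - 1, then total_parts - 2, then stop"
    # min_n is an assumed floor, not something the message specifies.
    return [n for n in (total - 1, total - 2) if n >= min_n]

def rule1(ip, helo, ptr_lookup, min_n=2):
    """Rule (1): a PTR name for the IP shares its last N labels with HELO."""
    h = labels(helo)
    for ptr in ptr_lookup(ip):
        p = labels(ptr)
        # Two N values per host name, so up to four comparisons per PTR name.
        for n in candidate_ns(len(p), min_n) + candidate_ns(len(h), min_n):
            if n <= min(len(p), len(h)) and p[-n:] == h[-n:]:
                return True
    return False

def rule2(ip, helo, a_lookup, min_n=2):
    """Rule (2): the last N labels of the HELO name resolve to the IP."""
    h = labels(helo)
    return any(ip in a_lookup(".".join(h[-n:]))
               for n in candidate_ns(len(h), min_n))

def helo_whitelisted(ip, helo, ptr_lookup, a_lookup, min_n=2):
    return (rule1(ip, helo, ptr_lookup, min_n)
            or rule2(ip, helo, a_lookup, min_n))

# Constructed sample DNS data (documentation address ranges, made-up names).
PTR = {"192.0.2.10": ["smtp.foobar.com"],
       "192.0.2.66": ["dsl-66.isp.example.com"]}
A = {"mail.example.org": ["203.0.113.7"]}

def sample_ptr(ip):
    return PTR.get(ip, [])

def sample_a(name):
    return A.get(name, [])

if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "foobar.com"),
                     ("203.0.113.7", "mx1.mail.example.org"),
                     ("192.0.2.66", "hotmail.com")]:
        print(ip, helo, helo_whitelisted(ip, helo, sample_ptr, sample_a))
```

With `min_n=1` the comparison can drop to the top-level label alone, so the unrelated `dsl-66.isp.example.com` host would pass with `HELO hotmail.com`; whatever N is chosen needs a floor that keeps at least the registered domain.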
