On Sun, 9 Jul 2006, Dirk the Daring wrote:
I've noticed some SPAMmers recently starting to HELO using non-routable
IP addresses (mostly 10.x.x.x or 192.168.x.x)
See the past threads about this topic; actually only MUAs should use
private IPs here, but a multi-interface or misconfigured MTA might pick
the wrong one ...
I'm thinking of filtering for this, and I came up with this code (which
would be placed AFTER the check for an IP-based HELO in square brackets - so
any IP-based HELO missing the brackets has already been rejected).
The HELO argument is not properly defined; EHLO's is.
I'd appreciate any feedback anyone would like to offer on this code
snippet:
# Check for a HELO that is a non-routable address and therefore invalid
if (($helo =~ /(^|\[)10\.\d{1,3}\.\d{1,3}\.\d{1,3}\]$/i) ||
It makes no sense to optionally allow [ left, but enforce ] on the right
side.
Digits don't have any case at all.
There was a post about rejecting HELO arguments, where IPs are not
enclosed in brackets (and other malformed stuff), but otherwise HELO
checks are nonsense.
Obviously, if I have sending hosts on my network that really did have
non-routable addresses, this would be a possible problem (although the simple
solution is for them to not HELO with their IP, but use their hostname). And
The better solution would be:
If you trust them -> exempt them from the check altogether!
(Use the relay address to determine whether it _really_ is your trusted host.)
Bye,
--
Steffen Kaiser
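
Added example, not code from either poster or from MIMEDefang: a Perl sketch of the check discussed in this thread, with brackets required on both sides or neither, no case-insensitive flag, and trusted hosts exempted by relay address rather than by HELO text. The function names, the trusted-relay list and the sample sessions are assumptions, and the 172.16/12 range goes beyond the two ranges named in the thread to cover all of RFC 1918.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: hosts we trust, keyed by the connecting (relay) address.
# The HELO text is client-supplied and is never used to establish trust.
my %TRUSTED_RELAY = map { $_ => 1 } qw(192.168.1.25 10.0.0.5);

# Return the dotted quad if $helo is an IPv4 literal, either "[a.b.c.d]"
# or bare "a.b.c.d"; otherwise return undef. A lone "[" or "]" never matches.
sub helo_ipv4 {
    my ($helo) = @_;
    return $1 if $helo =~ /\A\[(\d{1,3}(?:\.\d{1,3}){3})\]\z/;
    return $1 if $helo =~ /\A(\d{1,3}(?:\.\d{1,3}){3})\z/;
    return;
}

# True for RFC 1918 space: 10/8, 172.16/12, 192.168/16.
sub is_rfc1918 {
    my ($ip) = @_;
    my @o = split /\./, $ip;
    return 0 if grep { $_ > 255 } @o;    # not a valid IPv4 address
    return 1 if $o[0] == 10;
    return 1 if $o[0] == 172 && $o[1] >= 16 && $o[1] <= 31;
    return 1 if $o[0] == 192 && $o[1] == 168;
    return 0;
}

# Hypothetical policy function: returns 'CONTINUE' or 'REJECT'.
sub check_helo {
    my ($relay_ip, $helo) = @_;
    return 'CONTINUE' if $TRUSTED_RELAY{$relay_ip};   # exempt trusted hosts
    my $ip = helo_ipv4($helo);
    # Hostnames and malformed literals are left to other checks.
    return 'CONTINUE' unless defined $ip;
    return is_rfc1918($ip) ? 'REJECT' : 'CONTINUE';
}

# Constructed sample sessions: [relay address, HELO argument].
for my $s (['203.0.113.7',  '[10.1.2.3]'],
           ['203.0.113.7',  '192.168.0.9'],
           ['192.168.1.25', '[192.168.1.25]'],
           ['203.0.113.7',  '[10.1.2.3'],
           ['203.0.113.7',  'mail.example.org']) {
    printf "%-14s %-18s %s\n", @$s, check_helo(@$s);
}
```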
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang