On Mon, 10 Jul 2006, [EMAIL PROTECTED] wrote:

------------------------------
From: Steffen Kaiser <[EMAIL PROTECTED]>

It makes no sense to optionally allow [ on the left, but enforce ] on the right
side. Digits don't have any case at all.

As with the case portion of the RegEx, the flaw with the bracket was probably a code typo. Actually, by the point at which the code would reside, an IP-based HELO lacking square brackets would have already been REJECTed. Therefore, the test needs to allow for the square brackets.

   What would be the proper RegEx?

The better solution would be:
If you trust them -> exempt them from the check at all!

That's a bit of a digression. Yes, the first checks I perform are to see if the relay address is one of my own hosts, and if it is, I cease further checking. But that wasn't what I was asking about.

------------------------------
From: Kayne Kruse <[EMAIL PROTECTED]>

If you're seeing drive-by spammers, I honestly would be looking at
implementing greylisting instead.  Most of my spam experience has shown
that a vast majority is coming from IP addresses that do not get used
that often.

I agree that a lot of SPAM is sent courtesy of 'botted Windoze boxes and that the same IP rarely gets used twice. Which leads me to politely disagree about greylisting.

I'm not saying that greylisting has no value or should never be used. But my personal anti-SPAM philosophy is to reject SPAM as early and often as possible. The sooner I identify a connection as obviously bogus, the sooner I can drop it, and the less of my resources (bandwidth, CPU, disk, etc) the spammer gets to waste.

Greylisting means I have to have the code to implement it (CPU, RAM) and the back-end database to maintain the greylisting info (disk, CPU). If a spammer HELOs with an IP address that is obviously bogus, why waste my resources greylisting it? Drop the idiot and be done with it.

------------------------------
From: Jim McCullars <[EMAIL PROTECTED]>

  I just reject when someone sends an IP address as a HELO, and it is not
their actual IP address.  In filter_sender():

 if ($helo =~ /^\d+\.\d+\.\d+\.\d+$/) {  # looks like an IP
   if ($helo ne $ip) {
     return('REJECT', "IP address $ip doesn't match helo string $helo");
   }
 }

Thanks, Jim! That's exactly the sort of thing I was looking for. I'm going to work on implementing that!

Dirk
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
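
The check discussed in this thread, as an added example that is not code from the original post or from MIMEDefang: it accepts a HELO IPv4 literal with or without square brackets, requires the brackets to be balanced, and compares the literal to the relay address. The helper name check_helo_ip, the leading-zero normalization, and the sample addresses (documentation ranges) are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not part of MIMEDefang). Returns a (verdict, message)
# pair in the style of filter_sender().
sub check_helo_ip {
    my ($helo, $ip) = @_;

    # Optional "[" and "]" around four dot-separated groups of digits.
    # Digits have no case, so no /i modifier is needed.
    return ('CONTINUE', 'ok')
        unless $helo =~ /\A(\[?)(\d{1,3}(?:\.\d{1,3}){3})(\]?)\z/;
    my ($open, $literal, $close) = ($1, $2, $3);

    # Brackets must be both present or both absent.
    return ('REJECT', "Unbalanced brackets in helo string $helo")
        if length($open) != length($close);

    # Assumption: strip leading zeros so "192.000.002.010" compares equal
    # to "192.0.2.10"; out-of-range octets are not treated as an IP.
    my @octets = map { $_ + 0 } split /\./, $literal;
    return ('CONTINUE', 'ok') if grep { $_ > 255 } @octets;
    my $normalized = join '.', @octets;

    return ('REJECT', "IP address $ip doesn't match helo string $helo")
        if $normalized ne $ip;
    return ('CONTINUE', 'ok');
}

# Constructed sample input: one relay address, several HELO strings.
my $relay = '192.0.2.10';
for my $helo ('[192.0.2.10]', '192.0.2.10', '[192.000.002.010]',
              '[198.51.100.7]', '[192.0.2.10', 'mail.example.org') {
    my ($verdict, $msg) = check_helo_ip($helo, $relay);
    printf "%-20s %-8s %s\n", $helo, $verdict, $msg;
}
```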