Dirk the Daring wrote:


        # Check #4
        # If the HELO is an FQDN, the index and rindex of "." will not be the same
        # This catches the spammer using domain.tld (which will slip
        #       by Check #2)
        if ( index($helo, ".") == rindex($helo, ".") )
            {
            # Reject connection - invalid HELO
            md_syslog('alert', "Non-FQDN HELO $helo by Host $hostip");
            return('REJECT', "INVALID HELO/EHLO: $helo is not FQDN");
            }



As I wrote previously, my entire filter is heavily logged. My analysis of those logs indicates that only about 50% of foreign mailhosts connecting to my network get past HELO. Based on the I-think-reasonable assumption that no "legitimate" mail server would be tripped up by GREETPAUSE, RATECONTROL, CONNCONTROL or the tests I have in filter_helo, my conclusion is that those 50% are spammers, and I'm effectively stopping them by the end of HELO.



Given that I don't think check #4 is valid, I'm not sure I believe your claim. For one, depending on the configuration I'm using, you might end up rejecting my email, because my mail server's hostname is the registered domain name (rudd.cc) ... and I'm not a spammer.

(I don't recall any prohibition on a host's name being just its registered domain, domain.tld)

I'm also curious why you're using a lot of index/rindex calls instead of regular expressions (I'm not enough of an expert to know if one is honestly faster than the other). For the above one, why not:

$helo =~ /^[^\.]+\.[^\.]+$/

(from the start of the string, one or more non-dots, followed by 1 dot, followed by one or more non-dots, and then the end of the string; you can only match this expression if you have exactly 1 dot in the string)

Or,

(($helo =~ /\./) && ($helo !~ /\..+\./))

(contains at least one dot, AND does not contain: a dot, at least any one other character, and then another dot, anywhere in the string; again, you can only match these two expressions if you have exactly one dot in the string)


$helo =~ /\./

also works for your "index of . isn't -1" check.

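Added example (not from the original posts): a standalone Perl script that runs the index/rindex test from Check #4 and the two regular-expression forms suggested in the reply over constructed HELO strings, so the rows where the three forms disagree (no dot at all, a leading dot, two adjacent dots) are visible side by side. The function names and the sample list are assumptions; each function returns 1 when that form treats the HELO as the case Check #4 would reject.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Check #4 as posted: first and last "." are at the same position.
# Note this is also true when there is no "." at all (both return -1).
sub by_index {
    my ($h) = @_;
    return index($h, ".") == rindex($h, ".") ? 1 : 0;
}

# First suggested regex: non-dots, one dot, non-dots, end of string.
sub by_regex1 {
    my ($h) = @_;
    return $h =~ /^[^\.]+\.[^\.]+$/ ? 1 : 0;
}

# Second suggested form: has a dot, and no "dot, 1+ characters, dot" run.
sub by_regex2 {
    my ($h) = @_;
    return $h =~ /\./ && $h !~ /\..+\./ ? 1 : 0;
}

# Constructed sample HELO strings; rudd.cc is the hostname named in the reply.
my @samples = (
    'rudd.cc',           # registered domain used as the host name
    'mail.example.com',  # ordinary multi-label FQDN
    'localhost',         # no dot at all
    'example.com.',      # trailing root dot
    '.com',              # leading dot, empty first label
    'a..b',              # two adjacent dots
    '[192.0.2.1]',       # address literal
);

printf "%-18s %4s %6s %7s %7s\n", 'HELO', 'dots', 'index', 'regex1', 'regex2';
for my $helo (@samples) {
    my $dots = ($helo =~ tr/.//);    # reference count of "." characters
    printf "%-18s %4d %6d %7d %7d\n",
        $helo, $dots, by_index($helo), by_regex1($helo), by_regex2($helo);
}
```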