2010/3/23 David F. Skoll <[email protected]>:
> Jakub Wasielewski wrote:
>
> sub filter_recipient {
>        my ($recipient, $sender, $ip, $hostname, $first, $helo, $rcpt_mailer,
>            $rcpt_host, $rcpt_addr) = @_;
>
>        return('CONTINUE', "ok") if ($ip eq "127.0.0.1");
>
>        read_commands_file();
>        if ($ip eq '127.0.0.1') {
>                return ('CONTINUE', "ok");
>        } elsif ($recipient =~ /\...@example\.pl/i) {
>                return ('CONTINUE', "ok");
>        } elsif ($recipient =~ /\...@example2\.pl/i or
>                 $recipient =~ /\...@example3\.pl/i or
>                 $recipient =~ /\...@example4\.pl/i or
>                 $recipient =~ /\...@example5\.pl/i or
>                 $recipient =~ /\...@example6\.pl/i) {
>                my ($result, $msg) = md_check_against_smtp_server($sender,
>                        $recipient, "smtp1.example.pl", "smtp2.example.pl");
>                md_syslog('info', "Recipient check: $result - $msg");
>                return ($result, $msg);
>
>        }
>
>        return ('CONTINUE', "ok");
> }
>
> The second check for 127.0.0.1 is redundant.  Also, you are only
> validating recipients in some domains, not all domains.

True, true. The second check is stupid.
I'm validating all domains that are not local and for which this
server is a backup MX.

> You've sanitized your filter.  We can't help if you do that.  We need
> to see an un-edited version of filter_sender complete with the actual
> email addresses that are causing DSNs.  Changing real domains to "exampleN"
> means you're hiding useful information.

The addresses are:
valid recipient: [email protected]
nonexistent recipient: [email protected]

OK, here come the filters:


sub filter_sender {

        my($sender, $ip, $hostname, $helo) = @_;

        return('CONTINUE', "ok") if ($ip eq "127.0.0.1");

        md_syslog('info', " == SENDER == :: $sender");

        # check that the host is not impersonating my servers
        if ($helo =~ /(^|\.)opoka\.org\.pl$/i) {
                if ($ip ne "212.2.120.8" and $ip ne "212.2.120.9" and
                    $ip ne "212.2.120.10" and $ip ne "212.2.120.11" and
                    $ip ne "212.2.120.12" and $ip ne "212.2.120.13" and
                    $ip ne "212.2.120.14" and $ip ne "212.2.120.15" and
                    $ip ne "212.2.120.18" and $ip ne "212.160.91.130" and
                    $ip ne "83.13.16.178") {

                        md_syslog('info', "Host $ip sent fake HELO : $helo");
                        return('REJECT', "Go away. $ip is not a opoka.org.pl machine");
                }
        }

        # obvious forgery: IP in HELO != host IP
        if (($helo =~ /^(\d{1,3})(\.)(\d{1,3})(\.)(\d{1,3})(\.)(\d{1,3})$/) &&
            ($ip ne $helo)) {
                return('REJECT', "Header forgery attempt, $ip claims to be $helo");
        }

        read_commands_file();

        # if ($sender eq "<>") {
        #       return ('REJECT', 'Message rejected. Administrative messages not accepted.');
        # }

        # SPF if the sender is not authenticated
        if ($SendmailMacros{auth_authen} eq "") {

                my ($result, $smtp_comment, $header_comment) =
                        check_spf(ip => $ip, sender => $sender, helo => $helo);

                if ($result eq 'fail') {
                        return ('REJECT', 'Message rejected. ' . $smtp_comment);
                }

        } else {

                if ($sender eq "<>") {
                        return ('REJECT', 'Message rejected. Authorized users should not send administrative messages.');
                }

        }

        return('CONTINUE', "ok");

}

sub filter_recipient {
        my ($recipient, $sender, $ip, $hostname, $first, $helo, $rcpt_mailer,
            $rcpt_host, $rcpt_addr) = @_;

        return('CONTINUE', "ok") if ($ip eq "127.0.0.1");

        read_commands_file();

        if ($recipient =~ /\...@paulus\.opoka\.org\.pl/i) {
                return ('CONTINUE', "ok");
        } elsif ($recipient =~ /\...@kuria\.katowice\.pl/i or
                 $recipient =~ /\...@kuria\.lomza\.pl/i or
                 $recipient =~ /\...@parafia-sw-stefana\.pl/i or
                 $recipient =~ /\...@parafia-swwojciech\.krakow\.pl/i or
                 $recipient =~ /\...@sw-rodzina\.krakow\.pl/i) {
                my ($result, $msg) = md_check_against_smtp_server($sender,
                        $recipient, "paulus.opoka.org.pl", "petrus.opoka.org.pl");
                md_syslog('info', "Recipient check: $result - $msg");
                return ($result, $msg);
        }

        return ('CONTINUE', "ok");
}

Cheers,

-- 
    Jakub Wasielewski
_______________________________________________

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
