I used some regex filters in the past which I'm trying to convert to the
latest builtin filters.  In particular, I stumbled over a HELO filter,
which rejects non-FQDN HELO forcing SMTP protocol, aka: 
Sendmail FEATURE(block_bad_helo) or Postfix reject_non_fqdn_helo_hostname

I had a significant success rate with this kind of blocking, since a good
portion of spammers seem to be too lazy to configure HELO correctly.

Here is what I came up with:

# reject HELO/EHLO with leading or trailing dot, and without dots (non-FQDN)
filter helo phase helo connect match helo regex { "^\.", "\.$", "^[^\.]*$" } disconnect "554 5.7.1 HELO rejected"
filter ehlo phase ehlo connect match helo regex { "^\.", "\.$", "^[^\.]*$" } disconnect "554 5.7.1 EHLO rejected"

Now, I just need a way to skip/allow IPv6 address literals, e.g. there
are no dots in EHLO [::1], but still a valid/allowed value.
With the old filter-regex I just did a negation: ! regex "^\[" to
not apply the filter to v6 literals.

Any ideas/hints how to add/implement this with the new builtin regex
filter syntax?
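
The behaviour asked about above, as an added example (not part of the original post and not OpenSMTPD code): a Python check of the three posted patterns against constructed HELO values, next to an adjusted pattern list that leaves bracketed address literals alone without a negated condition. The adjusted patterns and the function names are assumptions, and Python's `re` stands in for the regex engine smtpd uses.

```python
import re

# The three patterns exactly as posted: leading dot, trailing dot, no dot.
POSTED = [r"^\.", r"\.$", r"^[^\.]*$"]

# Assumed variant: the "no dot" pattern no longer matches values starting
# with "[", so address literals are skipped without negating the match.
# "[^.[]" lists "." before "[" so the class never contains the sequence
# "[.", which POSIX bracket expressions read as a collating-symbol opener.
# "^$" keeps an empty HELO rejected, as the posted "^[^\.]*$" did.
# Like the old '! regex "^\["', this exempts anything starting with "[".
ADJUSTED = [r"^\.", r"\.$", r"^$", r"^[^.[][^.]*$"]


def rejected(helo, patterns):
    """Return True if any pattern matches, i.e. the filter would disconnect."""
    return any(re.search(p, helo) for p in patterns)


# Constructed sample HELO/EHLO arguments (not taken from real traffic).
SAMPLES = [
    "mail.example.org",    # FQDN
    "localhost",           # no dot
    ".example.org",        # leading dot
    "example.org.",        # trailing dot
    "",                    # empty argument
    "[192.0.2.1]",         # IPv4 literal, contains dots
    "[::1]",               # IPv6 literal, no dots
    "[IPv6:2001:db8::1]",  # tagged IPv6 literal, no dots
]


def compare(samples=SAMPLES):
    """Map each sample to (rejected by POSTED, rejected by ADJUSTED)."""
    return {h: (rejected(h, POSTED), rejected(h, ADJUSTED)) for h in samples}


if __name__ == "__main__":
    for helo, (old, new) in compare().items():
        print(f"{helo!r:24} posted={'reject' if old else 'accept'} "
              f"adjusted={'reject' if new else 'accept'}")
```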
