Giampaolo Tomassoni wrote:

RELAY_CHECKER (at least one rule had been triggered. According to your code 
would score 4 by default);
RC_NORDNS (scores 1);
RC_BADRDNS      (scores 1);
RC_BADDNS       (scores 1);
RC_IPINHOSTNAME (scores 1);
RC_DYNHOSTNAME  (scores 1);

Agreed. This way the plugin could also add some rules for ham.

I'm doing something similar myself in MIMEDefang. I've got a number of checks. 
My resulting rules (applied after the SA checks) are:

IP_FQDN_0 - IP_FQDN_5
USER_FQDN_0 - USER_FQDN_3
MAIL_FQDN_0 - MAIL_FQDN_3
NO_FQDN_0 - NO_FQDN_1

and I can then use meta rules for the scoring based on those results.
I don't know if such fine-grained rules are really needed for this.

The MAIL_FQDN_* rules are ham-signs from this check:

sub check_mail_fqdn {
        my $fqdn = shift;
        my $xxx = '(mail|relay|smtp|out)';
        return 3 if ($fqdn =~ /^(|.*[._-])$xxx\d{0,5}(|[._-].*)$/i);
        return 2 if ($fqdn =~ /^(|.*[._-])$xxx[-._]?$xxx\d{0,5}(|[._-].*)$/i);
        return 1 if ($fqdn =~ /(mail|smtp|relay)/i);
        return 0;
}

That should be changed to include "static" in $xxx.

Just for the sake of comparison, below are the other checks as well:

---8<---
sub check_ip_parts {
        my $x = shift;
        return 0 if ($x && @_ != 4);
        my $ic = 0;
        my $hc = 0;
        foreach my $p (@_) {
                unless ($x) {
                        my @pp = split(/-/,$p);
                        return 3 if (check_ip_parts(1,@pp));
                        @pp = split(/_/,$p);
                        return 3 if (check_ip_parts(1,@pp));
                }
                my $i = ($p =~ /^\d{1,3}$/ && $p >= 0 && $p <= 255);
                my $h = 0;
                if ($p =~ /^[0-9A-Fa-f]{1,2}$/) {
                        my $i = hex $p;
                        $h = ($i >= 0 && $i <= 255);
                }
                $ic ++ if ($i);
                $hc ++ if ($h);
                return 2 if ($ic == 4);
                return 1 if ($hc == 4);
        }
        return 0;
}

sub check_ip_fqdn {
        my $fqdn = shift;
        my $ip = shift;
        return 0 if ($fqdn =~ /^\[\Q$ip\E\]$/);  # address literal; \Q..\E keeps the dots literal
        if ($ip =~ /^\d+\.\d+\.\d+\.\d+$/) {
                my $rip = join('.',reverse split(/\./,$ip));
                $ip =~ s/(\d+)/sprintf('(%1$u|%1$x|%1$02u|%1$02x|%1$03u)',$1)/ge;
                $rip =~ s/(\d+)/sprintf('(%1$u|%1$x|%1$02u|%1$02x|%1$03u)',$1)/ge;
                $ip =~ s/\./[-._]/g;
                $rip =~ s/\./[-._]/g;
                return 5 if ($fqdn =~ /(|.*\.)$ip\./i);
                return 5 if ($fqdn =~ /(|.*\.)$rip\./i);
                $ip =~ s/\[-\._\]//g;
                $rip =~ s/\[-\._\]//g;
                return 4 if ($fqdn =~ /(|.*\.)$ip\./i);
                return 4 if ($fqdn =~ /(|.*\.)$rip\./i);
        }
        return check_ip_parts(0,split(/\./,$fqdn));
}

sub check_user_fqdn {
        my $fqdn = shift;
        return 3 if ($fqdn =~ /^(|.*[._-])(a?dsl|cable|dial[-._]?up|dynamic|dynamicip|customer|dhcp)(|[._-].*)$/i);
        return 2 if ($fqdn =~ /^(|.*[._-])(cust|kund)(|[._-].*)$/i);
        return 1 if ($fqdn =~ /^(|.*[._-])(a?dsl[a-z]|cable)\d*(|[._-].*)$/i);
        return 0;
}

sub check_mail_fqdn {
        my $fqdn = shift;
        my $xxx = '(mail|relay|smtp|out)';
        return 3 if ($fqdn =~ /^(|.*[._-])$xxx\d{0,5}(|[._-].*)$/i);
        return 2 if ($fqdn =~ /^(|.*[._-])$xxx[-._]?$xxx\d{0,5}(|[._-].*)$/i);
        return 1 if ($fqdn =~ /(mail|smtp|relay)/i);
        return 0;
}
---8<---

Regards
/Jonas

--
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/
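
Added example (not part of the message above or of the poster's MIMEDefang filter): the IP-in-hostname test from check_ip_fqdn as a stand-alone script, run over constructed hostnames to show which encodings land on level 5 and which on level 4. The names octet_alt and ip_in_fqdn, the leading-digit guard and the sample hosts are assumptions of this example; the check_ip_parts fallback is left out.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# One octet as decimal, hex, or zero-padded decimal/hex (same forms as the
# sprintf in check_ip_fqdn).
sub octet_alt {
    my $n = shift;
    return sprintf('(?:%1$u|%1$x|%1$02u|%1$02x|%1$03u)', $n);
}

# 5: IP embedded with separators, 4: octets run together, 0: not found.
# Forward and reversed octet order are both tried at each level.
sub ip_in_fqdn {
    my ($fqdn, $ip) = @_;
    return 0 if $fqdn eq "[$ip]";    # address literal, not a hostname
    my @oct = split /\./, $ip;
    return 0 if @oct != 4 or grep { !/^\d{1,3}$/ or $_ > 255 } @oct;
    my @alts = map { octet_alt($_) } @oct;
    for my $sep ('[-._]', '') {
        for my $order ([@alts], [reverse @alts]) {
            my $re = join($sep, @$order);
            # (?<![0-9]) is an addition for this example: it stops
            # "1192-0-2-10" from matching 192.0.2.10.
            return($sep ? 5 : 4) if $fqdn =~ /(?<![0-9])$re\./i;
        }
    }
    return 0;
}

# Constructed hostnames for the documentation address 192.0.2.10.
my $ip = '192.0.2.10';
my @hosts = qw(
    192-0-2-10.dsl.example.net
    10.2.0.192.in.example.net
    host-c0-00-02-0a.example.net
    c000020a.pool.example.net
    192000002010.cust.example.net
    pool-1192-0-2-10.example.net
    mail.example.org
    [192.0.2.10]
);
printf "%-32s IP_FQDN_%d\n", $_, ip_in_fqdn($_, $ip) for @hosts;
```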
