Re: [exim] Deny crappy HELO

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Wakko Warner
Datum:  
To: Dennis Davis
CC: exim-users
Betreff: Re: [exim] Deny crappy HELO
Dennis Davis wrote:
> On Fri, 9 Jun 2006, list1 wrote:
> > In the above examples the only the thing that is in common, that
> > none of them have any "." in the HELO. Is there a way to find them
> > with regex?
>
> Something like:
>
>   deny    message = Rejected because of unacceptable syntax in \
>                     HELO/EHLO name:\n\
>                     $sender_helo_name\n\
>                     This is commonly associated with misconfigured \
>                     mail software;\n\
>                     see RFC2821 section 4.1.2 for legal domain syntax.
>           log_message = invalid HELO syntax $sender_helo_name
>           condition = ${if ! match {$sender_helo_name}{\N^[^.].*\.[^.]+$\N}}

>
> should do it.
>
> You might also like to reject a few others indicating a suspect host,
> eg hosts thinking they're called "localhost.localdomain".


This RE might be better, but i haven't tested it much.
^[^.]+(?:\..*?)?\.[^.]{2,4}$

It was tested with a few strings using perl. I'm not sure if pcre supports
(?: but since it's supposed to be perl compatible, it should.

It will only accept names that appear proper.

It does this:
requires that the string not being with a dot.
requires that the end of the string be in the form of .<tld> (2 to 4 letter
tld).

It does block localhost.localdomain, and any string w/o a dot.



--
Lab tests show that use of micro$oft causes cancer in lab animals
Got Gas???