On Thu, 2007-05-03 at 00:46 +0200, Renaud Allard wrote:
> I am receiving a bunch of stock spams (mostly in German). Their common
> property seems to be a helo like [ip.add.re.ss].
> I am thinking about an ACL like this one:
> warn
>   condition = ${if match{$sender_helo_name}{\N(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\N}{yes}{no}}
>   set acl_c1 = IP in HELO
>   set acl_c0 = Please set up a meaningful name in your HELO (i.e. not containing an IP).
>
>
> (with acl_c1 and acl_c0 set, the mail is rejected after rcpt in my config)
>
> What do you think? An IP between [] delimiters is "legal" in RFC 2821,
> however I don't think many legit servers are using this kind of
> configuration.
I think it's a bit funny to accept "HELO foo.com" but reject a valid IP
literal. However, if there is a mismatch between the HELO literal and
$sender_host_address, junking it is quite legitimate, IMO.
--
Kjetil T.
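
The check suggested in the reply above (compare a bracketed HELO literal with the connecting address instead of rejecting every literal), modelled in Python as an added example; it is not part of the original thread and is not Exim configuration. The function names and the sample addresses are constructed for illustration, and the example goes beyond the thread by also handling `[IPv6:...]` literals.

```python
import ipaddress
import re

# RFC 2821 section 4.1.3 address literal: [a.b.c.d] or [IPv6:addr]
_LITERAL = re.compile(r"^\[(?:(IPv6):)?([0-9A-Fa-f:.]+)\]$", re.IGNORECASE)


def _parse_ip(text):
    """Return an ip_address object, or None if text is not an IP."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def classify_helo(helo, peer_address):
    """Classify a HELO/EHLO argument against the connecting address.

    Returns 'literal-match', 'literal-mismatch', 'bare-ip' (IP without
    brackets, not valid syntax), 'malformed', or 'name'.
    """
    peer = ipaddress.ip_address(peer_address)
    helo = helo.strip()
    m = _LITERAL.match(helo)
    if m:
        tag, body = m.groups()
        ip = _parse_ip(body)
        # The IPv6: tag must be present for v6 and absent for v4.
        if ip is None or (ip.version == 6) != bool(tag):
            return "malformed"
        # Compare parsed addresses, not strings, so case and zero
        # compression in IPv6 text forms do not cause false mismatches.
        return "literal-match" if ip == peer else "literal-mismatch"
    if helo.startswith("[") or helo.endswith("]"):
        return "malformed"
    if _parse_ip(helo) is not None:
        return "bare-ip"
    return "name"


# Constructed sample input (documentation address ranges), not real traffic.
SAMPLES = [
    ("[192.0.2.10]", "192.0.2.10"),
    ("[198.51.100.7]", "192.0.2.10"),
    ("192.0.2.10", "192.0.2.10"),
    ("[IPv6:2001:DB8::1]", "2001:db8:0:0:0:0:0:1"),
    ("mail.example.org", "192.0.2.10"),
]
```

Only `literal-mismatch` corresponds to the case the reply calls legitimate to junk; `literal-match` is the valid literal that the regex-based ACL in the quoted message would also reject.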