[milters] Archive

Lists Index Date Thread Search

Article: 546
From: Anthony Howe
Date: 2005-05-03 11:43:49 -0400
Subject: Re: Problem compiling libsnert & milter-sender on SuSE

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

> Well, I've played with exactly such a rule set (found it at
> http://networking.ringofsaturn.com/Unix/sendmailtips.php), they seem
> to be identical.
> 
> [cut]
> 
> However, domain names which I find unacceptable are actually in
> /etc/mail/relay-domains, since gateways don't accept local mail, they
> only relay it, I believe this is class R.

You could modify the rule set to block those easily.

> But, I'm using more checks. Besides not accepting a HELO which is a
> domain in class R, I also refuse ANY HELO which is an IP address or

Blocking
	
	HELO 123.45.67.89

is a BAD idea. There are many legit mail clients that use their IP 
address for the HELO argument. Granted it should be:

	HELO [123.45.67.89]

For example if you're an ISP with dial-up customers, you do not want to 
block an IP in the HELO when your customers correctly relay through your 
MX you provide them. You do want to block IPs that are you own though.

> does not contain at least one dot (I do however NOT check if it's
> resolvable, since many, many mail servers (read Exchange) use

Well RFC 2821 expressly forbids such a test anyways.

> hostnames which are not resolvable). I find it easier to do this in
> .c than a rule set (I'm not sure if I can even do this in a rule set:
> determing if the helo host is an IP address and reject it).

An IP address would look like a domain. You could use a regex map in a 
sendmail ruleset if you really need to check for numbers vs a general token.

> I can send you my modified milter-sender.c if you are interested? I

No. These sorts of things are better done in the sendmail rule sets and 
anyways, because you have access to $=w and $=R.

> also had to make an adjustment for someone who accepts mail on a non
> regular port (being different than port 25), but still wants call
> ahead.
> 
> Maybe I extend the code sometime to check if the HELO is identical to
> an access.db entry with a RHS of RELAY? That way I don't have to
> compile milter-sender each time a new domain is added to the mail
> gateway! ;-)

Well I think you'd be better off with a sendmail rule set for that, 
since its better suited to doing these sorts of things.

-- 
Anthony C Howe                                 +33 6 11 89 73 78
http://www.snert.com/       ICQ:
7116561         AIM: Sir Wumpus

in the mist of night / by the silent sea / a siren calls - Anthony

Lists Index Date Thread Search