[milters] Archive

Lists Index Date Thread Search

Article: 679
From: barryc
Date: 2005-08-02 11:56:29 -0400
Subject: [DYNDNS] Re: Re: sender question

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Here's a block of pseudocode that might better elucidate what I was trying to 
get at:

RECV_COUNT = get_number_of_received_headers();

if (RECV_COUNT == 0) 
{
   /*
    * Assume my Received header has not yet been attached. 
    * Otherwise, we'd also have to check the first (most recent) header 
    * to see if it's ours
    */
   if ( client_has_smtp_auth() )
      accept_message();
   else if ( client_in_relay_domains() )
      accept_message();
   else /* some random computer is connecting to me directly */
      reject_message();
}
else 
{
   /*
    * I am not the first mailserver / relay to touch this message.
    * this block COULD get ugly, depending on exactly what you want it to do.
    * I'd actually be happy just with what's above
    */
}

Anthony Howe wrote:
>
>When a milter is called to process a header, I don't think the server's 
>own Received header has yet been added. 

I THOUGHT that was how it worked, but like I said, I was just comparing what was 
making it to my inbox.

>> 2) Sanity: Consider the following two hypothetical adjacent headers:
>> Received: from (mailserver.domain1.com[69.215.194.218]) by (...) ...
>> Received: from (...) by mailserver.domain2.com ...
>> 
>> And mailserver.domain2.com resolves to 162.140.64.107.
>
>I think this thought is incomplete. What I'm I looking for in this case?
>Are you thinking the from-by in adjacent headers should match?

That was the idea...
Or at a minimum that a WHOIS query to ARIN/RIPE/APNIC show that they're at least 
in the same netblock.

>Consider the case where one server has several processes like an 
>AV-gateway, a spam filter, and an MTA. I would see three different 
>Received headers possibly with different name/IP for the host. 

Relaxing the requirement to machine names in the same domain / IPs in the same 
netblock would accomodate that situation.

>Also some 
>sites, like a university will relay through a smart host, which might 
>not have a public IP address.

Once you encounter a private IP, all bets are off. If that happens, your best 
bet is to pass the message and let the other milters decide what to do with it.


Lists Index Date Thread Search