Hi all,

  I'm trying to write some SA rules for additional tests on the
connecting mailserver's SMTP HELO string, and I have some questions
about how to do it.  Should I send them to this list or to the
dev list?

  Assuming it's this list, one of the things I'm trying to do is assign
a modest score to helo strings containing a bracketed IP address. 
(This is technically valid in SMTP.)

  I've read through some of the tests in 20_fake_helo_tests.cf, and it
appears they rely on SA's parsing code creating a kind of magic
pseudo-header X-Spam-Relays-Untrusted containing a string with the
"helo" and other data?

  I'm not sure I get the point of the recurring [^\]]+ bits in the
examples I looked at.

  So would a test for a bracketed IP address look like this?

# [60.222.35.88]
header HELO_BRACKETED_IP  X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=\[\d+\.\d+\.\d+\.\d+\][^\]]+ auth= /i

  I want to distinguish this case from a bare IP address (invalid!)
which I also want to look at and score:

# [60.222.35.88]
header HELO_BARE_IP  X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=\d+\.\d+\.\d+\.\d+[^\]]+ auth= /i

  -- Clifton

-- 
    Clifton Royston  --  [EMAIL PROTECTED] / [EMAIL PROTECTED]
       President  - I and I Computing * http://www.iandicomputing.com/
 Custom programming, network design, systems and network consulting services
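
Added example, not part of the original post: the two regexes above run over constructed X-Spam-Relays-Untrusted strings with Python's re module (these patterns behave the same as in Perl), showing what the leading ^[^\]]+ does and where the patterns over- or under-match. Assumptions: the relay field layout is modelled on the fields the rules reference, the '!' form assumes the parser replaces brackets in the helo value (check the debug output of your SA version), and BARE_STRICT, BANG and UNANCHORED are hypothetical variants.

```python
import re

# The two rules from the post, each rejoined onto one line.
BRACKETED = re.compile(r'^[^\]]+ helo=\[\d+\.\d+\.\d+\.\d+\][^\]]+ auth= ', re.I)
BARE = re.compile(r'^[^\]]+ helo=\d+\.\d+\.\d+\.\d+[^\]]+ auth= ', re.I)
# Hypothetical variants, not from the post:
BARE_STRICT = re.compile(r'^[^\]]+ helo=\d+\.\d+\.\d+\.\d+ ', re.I)  # space ends the address
BANG = re.compile(r'^[^\]]+ helo=!\d+\.\d+\.\d+\.\d+! ', re.I)       # brackets shown as '!'
UNANCHORED = re.compile(r'helo=\d+\.\d+\.\d+\.\d+ ', re.I)            # no ^[^\]]+ prefix


def relay(ip, helo, rdns=""):
    """One constructed relay entry; the field layout is an assumption."""
    return (f"[ ip={ip} rdns={rdns} helo={helo} by=mx.example.net "
            f"ident= envfrom= intl=0 id=ABC123 auth= ]")


def fires(rule, relays):
    """True if the rule matches the space-joined relay entries."""
    return rule.search(" ".join(relays)) is not None


# Constructed samples using documentation addresses, not real traffic.
SAMPLES = {
    "literal brackets": [relay("203.0.113.7", "[203.0.113.7]")],
    "brackets as '!'": [relay("203.0.113.7", "!203.0.113.7!")],  # assumed form
    "bare address": [relay("203.0.113.7", "203.0.113.7")],
    "dotted-quad hostname": [relay("203.0.113.7", "203.0.113.7.dsl.example.com")],
    "bare address, 2nd hop": [relay("192.0.2.10", "mail.example.org", "mail.example.org"),
                              relay("203.0.113.7", "203.0.113.7")],
}
RULES = {"BRACKETED": BRACKETED, "BARE": BARE, "BARE_STRICT": BARE_STRICT,
         "BANG": BANG, "UNANCHORED": UNANCHORED}

if __name__ == "__main__":
    for label, relays in SAMPLES.items():
        hits = [name for name, rule in RULES.items() if fires(rule, relays)]
        print(f"{label:24} -> {', '.join(hits) or 'no rule fires'}")
```

Because [^\]]+ cannot cross a closing bracket, the anchored rules only ever inspect the first relay entry, which is why the second-hop sample trips UNANCHORED alone.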
