On 22-May-2009, at 15:30, mouss wrote:
on the other hand, you can block some known values/suffixes/
expressions.
here are a few recent "real" life samples
dynamic.ranchi.bb.59.92.92.92/24.bsnl.in
static.chandigarh.bb.59.94.224.236/24.bsnl.in
161.185.225.124.null.hi.!dynamic.163data.com.cn
18.50.225.124.lg.hi.!dynamic.163data.com.cn
customer-static-.iplannetworks.net
dsl88.230-.2304.ttnet.net.tr
40.subnet125-166-24.astinet.telkom.net.id.24.166.125.in-addr.arpa
BThomehub.home
api.home
I think my rules for helo's catch all of these:
!/[[:alpha:]]/ REJECT helo non-alpha helo not
allowed to talk to me
!/\.[[:alpha:]]{2,}$/ REJECT helo no TLD, invalid hostname
# Block localhost (unusual in HELO)
/^localhost(\.localdomain)?$/ REJECT helo Unacceptable hostname in helo
/^unknown$/ REJECT helo No unknown hostnames
/^(mail.)?kreme\.com$/ REJECT helo Don't spoof my hostname
/\.(local|home|example)$/ REJECT Unacceptable LAN name in helo
/(d{1,3}[.-]){3}[.-]\d{1,3}/ WARN Too many numbers in your hostname
/\.(dsl|adsl|pool|dynamic|user|hsd|dyn|dial)/ REJECT helo Dynamic .
servers not allowed
/^(dsl|adsl|pool|dynamic|user|hsd|dyn|dial)/ REJECT helo Dynamic ^
servers not allowed
--
Lobotomy means never having to say you're sorry -- or anything
else.
