[Greylist-users] mail from internal domains not delayed?

Eric S ejs at bfd.com
Tue Jul 15 17:57:58 PDT 2003


On Tue, 15 Jul 2003, Deke Clinger wrote:

> This check:
>
>   if (! ($mail_mailer =~ /smtp\Z/i) && ($mail_from ne "<>" || $relay_ip eq  "127.0.0.1")) {
>
> causes mail 'spoofed' such that it appears to be from an internal domain
> (qualcomm.com) to bypass greylisting. Running sendmail with the -d20 flag
> shows which mailer is selected for a given sender or recipient address:

Interesting.  Actually, I like the way I handle it in my alternate
greylisting implementation

in connect_callback:

if (defined $sockaddr_in)
{
  my($port, $ipAddr) = sockaddr_in($sockaddr_in);
  my $addrStr = inet_ntoa($ipAddr);
  $dataRef->{'ipAddr'} = $addrStr;
  if($addrStr =~ /^(192\.168\.|127\.|24\.234\.47\.63|205\.242\.37\.3[2-9])/)
  {
    $dataRef->{'isLocal'}=1;
  }
}
else
{
  $dataRef->{'isLocal'}=1;
}

$dataRef (where I keep all data, and even gather all the headers) gets
pickled at the end of each callback, and restored when the next callback
is called, so I always have that flag available, and that's how I
determine if I should do a greylist test (or autowhitelist in the near
future).

The various IP addresses that the regex matches are the machines that that
server will relay for.

So, can everyone tell that I programmed in C long before I learned perl?
:-)



More information about the Greylist-users mailing list