[Greylist-users] mail from internal domains not delayed?

Eric S ejs at bfd.com
Tue Jul 15 17:57:58 PDT 2003

On Tue, 15 Jul 2003, Deke Clinger wrote:

> This check:
>   if (! ($mail_mailer =~ /smtp\Z/i) && ($mail_from ne "<>" || $relay_ip eq  "")) {
> causes mail 'spoofed' such that it appears to be from an internal domain
> (qualcomm.com) to bypass greylisting. Running sendmail with the -d20 flag
> shows which mailer is selected for a given sender or recipient address:

Interesting.  Actually, I like the way I handle it in my alternate
greylisting implementation

in connect_callback:

if (defined $sockaddr_in)
  my($port, $ipAddr) = sockaddr_in($sockaddr_in);
  my $addrStr = inet_ntoa($ipAddr);
  $dataRef->{'ipAddr'} = $addrStr;
  if($addrStr =~ /^(192\.168\.|127\.|24\.234\.47\.63|205\.242\.37\.3[2-9])/)

$dataRef (where I keep all data, and even gather all the headers) gets
pickled at the end of each callback, and restored when the next callback
is called, so I always have that flag available, and that's how I
determine if I should do a greylist test (or autowhitelist in the near

The various IP addresses that the regex matches are the machines that that
server will relay for.

So, can everyone tell that I programmed in C long before I learned perl?

More information about the Greylist-users mailing list