[Greylist-users] mail from internal domains not delayed?
Eric S
ejs at bfd.com
Tue Jul 15 17:57:58 PDT 2003
On Tue, 15 Jul 2003, Deke Clinger wrote:
> This check:
>
> if (! ($mail_mailer =~ /smtp\Z/i) && ($mail_from ne "<>" || $relay_ip eq "127.0.0.1")) {
>
> causes mail 'spoofed' such that it appears to be from an internal domain
> (qualcomm.com) to bypass greylisting. Running sendmail with the -d20 flag
> shows which mailer is selected for a given sender or recipient address:
Interesting. Actually, I like the way I handle it in my alternate
greylisting implementation
in connect_callback:
if (defined $sockaddr_in)
{
my($port, $ipAddr) = sockaddr_in($sockaddr_in);
my $addrStr = inet_ntoa($ipAddr);
$dataRef->{'ipAddr'} = $addrStr;
if($addrStr =~ /^(192\.168\.|127\.|24\.234\.47\.63|205\.242\.37\.3[2-9])/)
{
$dataRef->{'isLocal'}=1;
}
}
else
{
$dataRef->{'isLocal'}=1;
}
$dataRef (where I keep all data, and even gather all the headers) gets
pickled at the end of each callback, and restored when the next callback
is called, so I always have that flag available, and that's how I
determine if I should do a greylist test (or autowhitelist in the near
future).
The various IP addresses that the regex matches are the machines that that
server will relay for.
So, can everyone tell that I programmed in C long before I learned perl?
:-)
More information about the Greylist-users
mailing list