[Assp-test] IPinHeloOK

Sun, 25 Mar 2012 15:27:21 -0700 

Thomas,

ASSP version 2.1.2(12077)

I have "Do Score Suspicious Helos (DoIPinHelo)" set to "score".

If an incoming message triggers &IPinHeloOK($fh) in getheader(), the 
code flow exits getheader(), but should not. Because the code flow 
exits, the code does not perform any other checks and messages that 
should have failed for their total score do not because they only scored 
IPinHelo.

In particular, I looked for this because I had a spammer that always set 
the helo to the IP address of target SMTP. IPinHelo always triggered, 
but with those IP in invalidHelo.txt, invalidHeloOK never triggered.

I did block the spammer with a regex in bombheaderre.txt. But I wanted 
to let you know about this because it affects several checks.

If I have screwed up the perl syntax below, I apologize, but hopefully 
you get the idea. There are 36 instances of that sequence in the code. I 
checked only the next couple of instances. It appeared that the logic 
would apply to the next two (ForgedHeloOK and BlackDomainOK) as well, 
because they can block or score.


Current Code
======================
if (&MsgScoreTooHigh($fh,$done)) {$this->{skipnotspam} = 0;return;}

if ($this->{cipdone} && $this->{ciphelo} && $this->{cip} && ! 
$this->{nohelo}) {
     if (! &IPinHeloOK($fh)) {
         if ($this->{error}) {$this->{skipnotspam} = 0;return;}
     }
}
if (&MsgScoreTooHigh($fh,$done)) {$this->{skipnotspam} = 0;return;}
======================

Suggested Code
======================
if (&MsgScoreTooHigh($fh,$done)) {$this->{skipnotspam} = 0;return;}

if ($this->{cipdone} && $this->{ciphelo} && $this->{cip} && ! 
$this->{nohelo}) {
     &IPinHeloOK($fh);
}
if (&MsgScoreTooHigh($fh,$done)) {$this->{skipnotspam} = 0;return;}
======================

or

======================
if (&MsgScoreTooHigh($fh,$done)) {$this->{skipnotspam} = 0;return;}

if ($this->{cipdone} && $this->{ciphelo} && $this->{cip} && ! 
$this->{nohelo}) {
     if (! &IPinHeloOK($fh)) {
         if ($this->{error} && &MsgScoreTooHigh($fh,$done)) 
{$this->{skipnotspam} = 0;return;}
     }
}
======================


-- 
Michael Thomas
Mathbox
978-687-3300
Toll Free: 1-877-MATHBOX (1-877-628-4269)


------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here 
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Reply via email to