Am Fr, den 29.10.2004 schrieb Yang Xiao um 15:54: > Hi, > I found out that the filter_sender() function will be enabled if I > turn the MX_SENDER_CHECK option on. I was just wondering where should > I put it and how to use it.
For you as a Fedora user it has to be activated in /etc/sysconfig/mimedefang. > I got to read the man pages more carefully. > As for the usefullness of the code sample, I think it at least get rid > of half of the problem, and spammers can still forge the MAIL FROM > header if he uses a legit HELO. So the problem is, how do you check > the MAIL FROM header then? Both HELO and MAIL FROM can be easily forged. The question is, what do you want to prohibit? Often a combination of tests is needed to properly detect spamming attempts and to not reject valid senders. One test which stops quite some guys at the front door is following: #*********************************************************************** # %PROCEDURE: filter_relay # %DESCRIPTION: # Check whether helo fits with hosts IP address. #*********************************************************************** sub filter_relay ($$$$) { my ($ip, $name, $helo, $RelayAddr) = @_; # Check if IP correlates to given HELO if (($helo =~ /^(\d{1,3})(.)(\d{1,3})(.)(\d{1,3})(.)(\d{1,3})$/) && ($ip ne $helo)) { md_syslog('warning', "Header forgery attempt: $ip claims to be $helo"); return ('REJECT', "Header forgery attempt, $ip claims to be $helo"); } return ('CONTINUE', "ok"); } > Yang Alexander -- Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13 Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp Serendipity 17:34:56 up 9 days, 14:14, load average: 0.02, 0.06, 0.09 _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang