> (A) can be defeated by making the code aware of NAV being installed...
> Or it can be commented out.

I'm talking about end-users with NAV installed on their PCs.

> (B) That's not a restriction of Windows, I believe.  That's a limitation
> of certain Windows UAs.  I'm working on a patch to Thunderbird that
> should work on XP as well.

Yes, I was implying the MUA. I don't see it changing in Outlook/OE anytime soon, so while it's nice that there is a Thunderbird fix for the issue, the reality for me is that I believe this check will have hideously high FPs.

> I believe that if you aren't using Microsoft networking and/or Active
> Directory, then you can set the computer name to an arbitrary string,
> including dots...

I can't argue this, but again would see it as irrelevant. The percentage of people using Microsoft networks and AD is again a reality that would produce too many FPs. I'm testing with this, as you could see from my rules, but have not been impressed so far with the results.

> If you're behind a firewall or you're NATting, then you're only going to
> generate a bad address in the HELO in an outgoing transaction.
>
> If you're sending out email, then you need to generate a name by which
> you're reachable... i.e. a domain name, not an IP address (which will
> have only local significance).

I'm not arguing proper setup, just what I've seen and why I've excluded certain cases.

> >  # HELO claims loopback but the peer is not loopback; dots escaped so '.' is literal
> >  if ($helo =~ /^\[?(localhost|127\.0\.0\.1)\]?$/i && $ip ne '127.0.0.1') {

> Why would localhost be bracketed?

Because ratware and spammers aren't known for their RFC Compliance ;-)

> Why testing for $ip ne '127.0.0.1' again here?  Maybe these two tests
> should be bracketed by this, or else do early acceptance of sessions
> from that address?

Because I am gathering statistics and looking at tunnelled usage as well on each individual test.

> >  if ($helo =~ /^friend$/) {

> Hmmm....  Any identifier that isn't dotted would seem to be bogus
> (unless you want to make an exception for localhost).  I've seen other
> hosts say "HELO xyzzy", etc.

"friend" has been particularly abused. I haven't seen the same trend because, as I said above, I see perfectly legit traffic using HELO microsoftnetworkname, and I haven't figured out a way to reduce the FPs.

Regards,
KAM
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
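The checks argued over in the thread above (bracketed localhost, the bare word "friend", undotted names, NATted hosts announcing a private address, and skipping loopback sessions so per-test statistics stay clean) collected into one standalone Perl script. This is an added example, not MIMEDefang's code or KAM's actual rules: the test names, the RFC 1918 test, and the sample sessions are my own constructions, and wiring the function into a MIMEDefang filter_helo() callback is assumed rather than shown.

```perl
#!/usr/bin/perl
# Standalone HELO sanity checks in the spirit of the rules discussed
# in the thread.  Added example, not MIMEDefang's own code; hooking it
# into a filter_helo() callback is assumed and left to the reader.
use strict;
use warnings;

# Per-test hit counters.  Every test is evaluated on every session
# (no early return on the first hit) so the counters can be compared
# independently, which is what the statistics-gathering approach needs.
my %stats;

# Returns the list of test names that fired for one HELO/peer-IP pair.
sub helo_checks {
    my ($helo, $ip) = @_;
    my @hits;

    # Sessions from loopback are local submissions or tunnelled traffic;
    # they are excluded from every test rather than scored.
    return () if $ip eq '127.0.0.1';

    # (1) Claims to be localhost or 127.0.0.1, bracketed or not, from a
    #     non-loopback peer.  Dots are escaped so '.' is a literal dot.
    push @hits, 'helo_localhost'
        if $helo =~ /^\[?(?:localhost|127\.0\.0\.1)\]?$/i;

    # (2) The bare word "friend", reported in the thread as heavily abused.
    push @hits, 'helo_friend' if $helo =~ /^friend$/i;

    # (3) An RFC 1918 address literal: a NATted host announcing an address
    #     that has only local significance.
    push @hits, 'helo_private_ip'
        if $helo =~ /^\[?(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}
                          |172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}
                          |192\.168\.\d{1,3}\.\d{1,3})\]?$/x;

    # (4) An undotted, unbracketed name.  Windows MUAs legitimately send
    #     the machine's NetBIOS name here, so this is counted for
    #     statistics only and should not reject on its own.
    push @hits, 'helo_undotted' if $helo =~ /^[^.\[\]]+$/;

    $stats{$_}++ for @hits;
    return @hits;
}

# Constructed sample sessions for the example: [HELO string, peer IP].
my @sessions = (
    [ 'mail.example.com', '198.51.100.7' ],  # proper FQDN: nothing fires
    [ '[127.0.0.1]',      '198.51.100.7' ],  # bracketed loopback from outside
    [ 'LOCALHOST',        '127.0.0.1'    ],  # loopback peer: skipped entirely
    [ 'friend',           '203.0.113.9'  ],  # abused bare name (also undotted)
    [ '[192.168.1.20]',   '203.0.113.9'  ],  # NATted host leaking its LAN address
    [ 'WORKSTATION01',    '203.0.113.9'  ],  # NetBIOS name: statistics only
    [ '127x0x0x1',        '203.0.113.9'  ],  # would match an unescaped 127.0.0.1;
                                             # here only the undotted test fires
);

for my $s (@sessions) {
    my @hits = helo_checks(@$s);
    printf "%-18s %-15s %s\n", $s->[0], $s->[1], @hits ? join(',', @hits) : '-';
}

print "\nper-test totals:\n";
printf "  %-16s %d\n", $_, $stats{$_} for sort keys %stats;
```

Run it as `perl helo_checks.pl`; each row lists which tests fired for that session, and the totals at the end show why keeping the tests independent matters: "friend" and the NetBIOS name both land in helo_undotted, so the undotted counter alone says nothing about how many sessions were actually abusive.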