Hi,
I used some regex filters in the past which I'm trying to convert to the
latest builtin filters. In particular, I stumbled over a HELO filter,
which rejects non-FQDN HELO forcing SMTP protocol, aka:
Sendmail FEATURE(block_bad_helo) or Postfix reject_non_fqdn_helo_hostname
I had significant success rate with this kind of blocking, since a good
portions of spammers seem to be too lazy to configure HELO correctly.
Here is what I came up with:
# reject HELO/EHLO with leading or trailing dot, and without dots (non-FQDN)
filter helo phase helo connect match helo regex { "^\.", "\.$", "^[^\.]*$" }
disconnect "554 5.7.1 HELO rejected"
filter ehlo phase ehlo connect match helo regex { "^\.", "\.$", "^[^\.]*$" }
disconnect "554 5.7.1 EHLO rejected
Now, I just need a way to skip/allow IPv6 address literals, e.g. there
are no dots in EHLO [::1], but still a valid/allowed value.
With old filter-regex I just did a negotiation: ! regex "^\[" to
not apply filter to v6 literals
Any ideas/hints how to add/implement this with the new builtin regex
filter syntax?
Thanks,
Regards,
Joerg
