Speaking of direct-to-MX spam, both AOL and Yahoo are large companies with whole walls-full of servers devoted to mail delivery. None of them announce themselves with "HELO yahoo.com" or "HELO aol.com." Spammers certainly do, though.
Here's a patch to SMTP.pm to add hooks for HELO and EHLO, and a plugin to use them. -- Devin \ aqua(at)devin.com, 1024D/E9ABFCD2; http://www.devin.com Carraway \ IRC: Requiem GCS/CC/L s-:--- !a !tv C++++$ ULB+++$ O+@ P L+++
# $Id$
#
# Check a HELO message delivered from a connecting host. Reject any
# that appear in the badhelo config -- e.g. yahoo.com and aol.com, which
# neither the real Yahoo nor the real AOL uses, but which spammers use rather
# a lot.
# Plugin entry point: attach check_helo to both greeting hooks, so the
# same check runs whether the client greets with HELO or with EHLO.
# The second argument ($qp) is accepted but not used here.
sub register {
    my $self = shift;

    $self->register_hook('helo', 'check_helo');
    return $self->register_hook('ehlo', 'check_helo');
}
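# Hook handler registered for both "helo" and "ehlo".
#
# Arguments: the plugin object, the current transaction (unused here) and
# the host name the client supplied in its greeting.
#
# Returns DECLINED when the name is missing, empty, or not listed in the
# 'badhelo' config, and (DENY, $message) when it matches an entry.
#
# The comparison is an exact, case-insensitive string match: a name with a
# trailing dot, or a subdomain of a listed name, does not match an entry.
sub check_helo {
    my ($self, $transaction, $host) = @_;

    # A missing argument has nothing to compare; skip lc() on undef.
    defined $host or return DECLINED;
    ($host = lc $host) or return DECLINED;

    for my $bad ($self->qp->config('badhelo')) {
        next unless $host eq lc $bad;

        # $bad comes from the local config, so the log line carries no
        # client-supplied bytes.
        $self->log(5, "Denying HELO from host claiming to be $bad");

        # Keep the reply text on one line: the original literal contained a
        # raw newline, which would end up inside the SMTP response. $host
        # is safe to echo here because it equals lc($bad) at this point.
        return (DENY, "Uh-huh. You're $host, and I'm a boil on the bottom of the Marquess of Queensbury's great-aunt.");
    }

    return DECLINED;
}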
Index: lib/Qpsmtpd/SMTP.pm
===================================================================
RCS file: /cvs/public/qpsmtpd/lib/Qpsmtpd/SMTP.pm,v
retrieving revision 1.8
diff -u -r1.8 SMTP.pm
--- lib/Qpsmtpd/SMTP.pm 6 Feb 2003 05:17:28 -0000 1.8
+++ lib/Qpsmtpd/SMTP.pm 13 Mar 2003 08:56:49 -0000
@@ -101,10 +104,19 @@
my $conn = $self->connection;
return $self->respond (503, "but you already said HELO ...") if $conn->hello;
- $conn->hello("helo");
- $conn->hello_host($hello_host);
- $self->transaction;
- $self->respond(250, $self->config('me') ." Hi " . $conn->remote_info . " [" .
$conn->remote_ip ."]; I am so happy to meet you.");
+ my ($rc, $msg) = $self->run_hooks("helo", $hello_host);
+ if ($rc == DONE) {
+ # do nothing
+ } elsif ($rc == DENY) {
+ $self->respond(550, $msg);
+ } elsif ($rc == DENYSOFT) {
+ $self->respond(450, $msg);
+ } else {
+ $conn->hello("helo");
+ $conn->hello_host($hello_host);
+ $self->transaction;
+ $self->respond(250, $self->config('me') ." Hi " . $conn->remote_info . " [" .
$conn->remote_ip ."]; I am so happy to meet you.");
+ }
}
sub ehlo {
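Review bot: In the DENY and DENYSOFT branches `$msg` goes to `respond` unchecked, so a plugin that returns a code without any text would yield a reply with an undefined message; a fallback such as `$self->respond(550, $msg || "HELO rejected");` (and the same for the 450 case) keeps the reply well-formed. The ehlo hunk below has the same pattern. These branches also leave `$conn->hello` unset and the connection open, so the client can simply greet again with a different name; whether later commands are refused without a recorded hello depends on code outside this hunk. helo's body starts above the hunk.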
@@ -112,16 +124,25 @@
my $conn = $self->connection;
return $self->respond (503, "but you already said HELO ...") if $conn->hello;
- $conn->hello("ehlo");
- $conn->hello_host($hello_host);
- $self->transaction;
+ my ($rc, $msg) = $self->run_hooks("ehlo", $hello_host);
+ if ($rc == DONE) {
+ # do nothing
+ } elsif ($rc == DENY) {
+ $self->respond(550, $msg);
+ } elsif ($rc == DENYSOFT) {
+ $self->respond(450, $msg);
+ } else {
+ $conn->hello("ehlo");
+ $conn->hello_host($hello_host);
+ $self->transaction;
- $self->respond(250,
+ $self->respond(250,
$self->config("me") . " Hi " . $conn->remote_info . " [" .
$conn->remote_ip ."]",
"PIPELINING",
"8BITMIME",
($self->config('databytes') ? "SIZE ".
($self->config('databytes'))[0] : ()),
);
+ }
}
sub mail {
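Review bot: Because EHLO runs its own `ehlo` hook instead of the `helo` one, a plugin that registers only `helo` is skipped whenever the client greets with EHLO; that deserves a comment above the `run_hooks("ehlo", ...)` call, e.g. `# plugins that filter the greeting name must register both "helo" and "ehlo"`. The `# do nothing` in the DONE branch could also state that the plugin is expected to have sent its own reply and that no hello is recorded, which is presumably the intent and should be confirmed. The return-code dispatch is now duplicated between helo and ehlo and could move into one private helper. ehlo's body starts above the hunk.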
