On [Wed, 16.06. 13:54], Goesta Smekal wrote:
>
> Actually I'm about to write a filter checking if the HELO domain exists. Hints
> from Davide are welcome :-) ( for example, wyh doesn't xmail do this in the
> first place ? )
>
> stay tuned ...
... well, some nightly hacking and coding and my filter is (almost) there.
Works as follows:
* pre-data filter
* take the first field from the 'Info Data' line of @@FILE. This is where the
HELO part goes
* check if the domain is valid (tricky)
* if not, return '3' and exit
Now the tricky part: looking up a host is near trivial, with a domain,
things get a little more complicated. My first guess was 'whois'. But the
answers you get from the different whois servers differs a lot in both format
and contents, especially when the domain is _not_ existing. :-P
Next came 'dig'. Works better, but sometimes when I dig a registered domain
there is no 'answer' section in the response ?!?!? ~:-/
So dig for MX of the domain. Well some smtp daemons send their hostname
instead of the domain name here. And, do all domains have an MX ? RFC 821 says:
HELLO (HELO)
This command is used to identify the sender-SMTP to the
receiver-SMTP. The argument field contains the host name of
the sender-SMTP.
(This is at page 19, just in case anybody cares)
Now I'm in trouble. I'll try and cut the first part off the name in case there
is no MX for the whole thing and check again (a bit more simple than in my
blacklisting thingy). Let's see ...
For the curious, the script is at:
http://korda.smekal.at/xmailtools/MailScan/helo.pl
BUT BE WARNED AGAIN: this IS buggy and not working yet. IF YOU TRY THIS AT A
PRODUCTION MAILSERVER YOU MAY LOSE MAILS (and I warned you, so don't blame me)
Goesta
--
Wiener Hilfswerk - EDV
1072 Wien, Schottenfeldgasse 29
Tel: 512 36 61 DW 407 / Fax 512 36 61 33
-- Attached file included as plaintext by Ecartis --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBQNE9ueEKFiIqAG4fAQJrDgf/YIeFJd0LVix8ODfbffstYrX/hi8yTEyn
N7XJk84MzjmbeIjxsdb9S9HZP4WOx7k5KF+DKZ3l3HU47po6LLMNU3xAuKeUKlkk
rVg5avIAfEOKONEWuFFSZUjbssBOzEALvgkOi0o+an6hunes0uObT5y7xA3kNGuH
WUUuGPGimnwiU5NSApoybIyuht4rXgs1gwalP+oZkI4Q2RszwR7iVZWMe/RisrSv
DnkGnxMtYwqJJ432Z47w1DTMO1tPxSsmjMNGQ5oJExL0bhWe4NfB8qbPRkiYzH0E
rFdrD/DDss9qeuJhHkWq5ZFhh/LNWxvSn1sITI8t5n1LCqCsNAN6wQ==
=T5Ar
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]
