[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: eliminating unbracketed numeric HELO/EHLO 's



(occasional dredge up in my mailbox ...)

On Thu, Apr 10, 2003 at 09:58:58PM -0600, James MacKinnon wrote:
> Hi Matti,
> 
> I'm noticing an ever increasing number of unresolved (ie not in DNS)
> transactions where the spam-kiddies are not using traditional 
> alpha-string type hostnames or bracketed IP's in the HELO/EHLO.
> 
> Is there a stanza for smtpserver.conf which can eliminate things
> in general like the following (from the smtpserver log):

No in there, but:

   SMTPOPTIONS="-h -s strict -s ve -l /var/log/mail/smtpserver"

in your   zmailer.conf  file will do it.

> KDlY05060r      HELO 204.171.156.87
> KDlY05060w      250 relay.phys.ualberta.ca Hello 204.171.156.87
> 
> I'd like to be able to deny access altogether to all hosts that
> do not present an alpha hostname or [IP], but do present numeric IP 
> strings.
> 
> For bracketed IP's I know it's easily accomplished with a stanza like:
> 
> 	\[*.*.*.*\]            999 !NO EMAIL ACCEPTED
> 
> but how to do it with ie '*.*.*.*' where the wildcard match expands to a
> numeric-only unbracketed IP string?

Those stanzas are  SH Glob patterns:

   [1-9][0-9]*.[1-9][0-9]*.[1-9][0-9]*.[1-9][0-9]*

Or maybe without "[1-9]" part ...

> (I'm running 2.99.55)

Should work there too, necessary code is quite old.

> Thanks,
> -- 
> James S. MacKinnon           Office: P-139 Avadh-Bhatia Physics Lab
> Team Physics                 Voice : (780) 492-8226 [old AC 403]
> University of Alberta        email : Jim.MacKinnon@Phys.UAlberta.CA
> Edmonton, Canada T6G 2N5     WWW   : http://www.phys.ualberta.ca/
-- 
/Matti Aarnio	<mea@nic.funet.fi>
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi