Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Date: Thu, 13 Mar 2003 00:57:39 -0800

From: Devin Carraway <qpsmtpd-list@devin.com>
To: qpsmtpd@perl.org
Subject: HELO hook and check plugin

Speaking of direct-to-MX spam, both AOL and Yahoo are large companies
with whole walls-full of servers devoted to mail delivery.  None of them
announce themselves with "HELO yahoo.com" or "HELO aol.com."  Spammers
certainly do, though.

Here's a patch to SMTP.pm to add hooks for HELO and EHLO, and a plugin
to use them.


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@119 958fd67b-6ff1-0310-b445-bb7760255be9
  • Loading branch information...
commit 5d34bad178188194f8074a0b6c858ef7ead4fb53 1 parent 4fd0926
Ask Bjørn Hansen abh authored
4 config.sample/badhelo
View
@@ -0,0 +1,4 @@
+# these domains never uses their domain when greeting us, so reject transactions
+aol.com
+yahoo.com
+
36 lib/Qpsmtpd/SMTP.pm
View
@@ -101,10 +101,19 @@ sub helo {
my $conn = $self->connection;
return $self->respond (503, "but you already said HELO ...") if $conn->hello;
- $conn->hello("helo");
- $conn->hello_host($hello_host);
- $self->transaction;
- $self->respond(250, $self->config('me') ." Hi " . $conn->remote_info . " [" . $conn->remote_ip ."]; I am so happy to meet you.");
+ my ($rc, $msg) = $self->run_hooks("helo", $hello_host);
+ if ($rc == DONE) {
+ # do nothing
+ } elsif ($rc == DENY) {
+ $self->respond(550, $msg);
+ } elsif ($rc == DENYSOFT) {
+ $self->respond(450, $msg);
+ } else {
+ $conn->hello("helo");
+ $conn->hello_host($hello_host);
+ $self->transaction;
+ $self->respond(250, $self->config('me') ." Hi " . $conn->remote_info . " [" . $conn->remote_ip ."]; I am so happy to meet you.");
+ }
}
sub ehlo {
@@ -112,16 +121,25 @@ sub ehlo {
my $conn = $self->connection;
return $self->respond (503, "but you already said HELO ...") if $conn->hello;
- $conn->hello("ehlo");
- $conn->hello_host($hello_host);
- $self->transaction;
-
- $self->respond(250,
+ my ($rc, $msg) = $self->run_hooks("ehlo", $hello_host);
+ if ($rc == DONE) {
+ # do nothing
+ } elsif ($rc == DENY) {
+ $self->respond(550, $msg);
+ } elsif ($rc == DENYSOFT) {
+ $self->respond(450, $msg);
+ } else {
+ $conn->hello("ehlo");
+ $conn->hello_host($hello_host);
+ $self->transaction;
+
+ $self->respond(250,
$self->config("me") . " Hi " . $conn->remote_info . " [" . $conn->remote_ip ."]",
"PIPELINING",
"8BITMIME",
($self->config('databytes') ? "SIZE ". ($self->config('databytes'))[0] : ()),
);
+ }
}
sub mail {
37 plugins/check_spamhelo
View
@@ -0,0 +1,37 @@
+=head1 NAME
+
+check_spamhelo - Check a HELO message delivered from a connecting host.
+
+=head1 DESCRIPTION
+
+Check a HELO message delivered from a connecting host. Reject any
+that appear in the badhelo config -- e.g. yahoo.com and aol.com, which
+neither the real Yahoo or the real AOL use, but which spammers use
+rather a lot.
+
+=head1 CONFIGURATION
+
+Add domains or hostnames to the F<badhelo> configuration file; one
+per line.
+
+=cut
+
+sub register {
+ my ($self, $qp) = @_;
+ $self->register_hook("helo", "check_helo");
+ $self->register_hook("ehlo", "check_helo");
+}
+
+sub check_helo {
+ my ($self, $transaction, $host) = @_;
+ ($host = lc $host) or return DECLINED;
+
+ for my $bad ($self->qp->config('badhelo')) {
+ if ($host eq lc $bad) {
+ $self->log(5, "Denying HELO from host claiming to be $bad");
+ return (DENY, "Uh-huh. You're $host, and I'm a boil on the bottom of the Marquess of Queensbury's great-aunt.");
+ }
+ }
+ return DECLINED;
+}
+
Please sign in to comment.
Something went wrong with that request. Please try again.