Koozali.org: home of the SME Server

qmail badhelo format question

pwalter
qmail badhelo format question
« on: March 28, 2009, 04:58:21 PM »
I have tried reviewing the spam that is making it past spamassassin, and entering the HELO greeting in /var/qmail/control/badhelo and /var/service/qpsmtpd/control/badhelo. I am using the format "domain.com" for the entry. However, I notice that HELOs of the format "mx.domain.com" are being accepted anyway. Does anyone know for sure what the address format should be in badhelo to catch addresses with subdomains?

CharlieBrady
Re: qmail badhelo format question
« Reply #1 on: March 28, 2009, 08:12:52 PM »
Quote
I have tried reviewing the spam that is making it past spamassassin, and entering the HELO greeting in /var/qmail/control/badhelo and /var/service/qpsmtpd/control/badhelo. I am using the format "domain.com" for the entry. However, I notice that HELOs of the format "mx.domain.com" are being accepted anyway. Does anyone know for sure what the address format should be in badhelo to catch addresses with subdomains?

Entries in badhelo are literal matches, matched against the provided 'helo' host using perl 'eq'.

pwalter
Re: qmail badhelo format question
« Reply #2 on: March 28, 2009, 08:19:36 PM »
Quote
Entries in badhelo are literal matches, matched against the provided 'helo' host using perl 'eq'.

Charlie,
Thanks for the clarification. It makes badhelo pretty useless then - I have noticed what the spammers do is use mx1.domain.com, then switch to mx2.domain.com, etc ... I was looking for a match against a wildcard or regular expression. Do you know of a plugin that does that?

pwalter
Re: qmail badhelo format question
« Reply #3 on: March 28, 2009, 08:54:21 PM »
Quote
Entries in badhelo are literal matches, matched against the provided 'helo' host using perl 'eq'.

Charlie, check_spamhelo might do the trick. It uses the existing badhelo file but allows some wildcards / regular expressions. What do you think? http://www.nntp.perl.org/group/perl.qpsmtpd/2004/06/msg1422.html
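
The difference between the literal 'eq' comparison described in Reply #1 and the subdomain match asked for in the original question, as an added example that is not part of the thread and is not code from qpsmtpd or check_spamhelo. The sample HELO names and the suffix_match helper are constructed for illustration:

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: one badhelo entry and HELO names a client might send.
my @badhelo = ('domain.com');
my @helos   = ('domain.com', 'mx.domain.com', 'mx2.domain.com',
               'MX1.Domain.COM.', 'notdomain.com', 'domain.com.example.net');

# Normalise a host name: lower-case it and strip one trailing dot.
sub normalise {
    my ($host) = @_;
    $host = lc $host;
    $host =~ s/\.$//;
    return $host;
}

# Literal comparison, as the thread describes the stock badhelo check.
sub literal_match {
    my ($helo, @entries) = @_;
    for my $entry (@entries) {
        return 1 if $helo eq $entry;
    }
    return 0;
}

# Hypothetical alternative: an entry matches itself and any subdomain of it.
# Comparing against ".$e" keeps "notdomain.com" from matching "domain.com".
sub suffix_match {
    my ($helo, @entries) = @_;
    my $h = normalise($helo);
    for my $entry (@entries) {
        my $e = normalise($entry);
        return 1 if $h eq $e;
        return 1 if length($h) > length($e)
                 && substr($h, -length($e) - 1) eq ".$e";
    }
    return 0;
}

# Print one row per HELO name with the verdict of each matching strategy.
printf "%-26s %-8s %s\n", 'HELO', 'literal', 'suffix';
for my $helo (@helos) {
    printf "%-26s %-8s %s\n", $helo,
        (literal_match($helo, @badhelo) ? 'reject' : 'accept'),
        (suffix_match($helo, @badhelo)  ? 'reject' : 'accept');
}
```

The HELO name is whatever the connecting client chooses to send, so either form of matching only filters senders that keep announcing a listed name.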

janet
Re: qmail badhelo format question
« Reply #4 on: March 29, 2009, 05:57:00 AM »
pwalter

Quote
check_spamhelo might do the trick.....

I think you would be better to propose/discuss that suggestion as a NFR in bugzilla.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

pwalter
Re: qmail badhelo format question
« Reply #5 on: March 29, 2009, 08:12:53 AM »
Quote
I think you would be better to propose/discuss that suggestion as a NFR in bugzilla.

Mary, nice to see you here. I want you to know that your efforts to help us users on these forums are greatly appreciated by all.
I doubt that the core developers would act on a NFR - they would most likely say this functionality is best served by a contrib, and I would agree. What I will do is propose to the author of the smeserver-wbl contrib that the contrib be modified to use check_spamhelo since that contrib uses the badhelo file anyway, and the change would be backward-compatible. I have an existing bug report filed at http://bugs.contribs.org/show_bug.cgi?id=5085 and will simply add this to that bug report.

David Harper
Re: qmail badhelo format question
« Reply #6 on: March 29, 2009, 08:27:12 AM »
Good idea pwalter :)

CharlieBrady
Re: qmail badhelo format question
« Reply #7 on: March 29, 2009, 05:13:32 PM »
Quote
I doubt that the core developers would act on a NFR - they would most likely say this functionality is best served by a contrib, and I would agree.

Don't make that assumption. Open your NFR and it will be considered.

Quote
I have an existing bug report filed at http://bugs.contribs.org/show_bug.cgi?id=5085 and will simply add this to that bug report.

Please keep each NFR or bug report dealing with a single issue. Combining unrelated issues in the bug tracker just creates extra work in uncombining them again.

pwalter
Re: qmail badhelo format question
« Reply #8 on: March 29, 2009, 05:17:03 PM »
Quote
Don't make that assumption. Open your NFR and it will be considered.

Quote
Please keep each NFR or bug report dealing with a single issue. Combining unrelated issues in the bug tracker just creates extra work in uncombining them again.

Thanks for the guidance, Charlie. NFR opened at http://bugs.contribs.org/show_bug.cgi?id=5113
« Last Edit: March 29, 2009, 05:35:29 PM by pwalter »