MailScanner ANNOUNCE: Stable 4.77 released
MailScanner at ecs.soton.ac.uk
Mon Jun 1 16:14:41 IST 2009
On 01/06/2009 15:31, Kai Schaetzl wrote:
> Julian Field wrote on Mon, 01 Jun 2009 10:00:20 +0100:
>> - You can finally use hostname, domain name, partial domain names
>> including wildcards and Perl regular expressions to make a ruleset line
>> apply to the name of the host the message came from, instead of having
>> to just use the numerical IP address.
> Do I understand it correctly that it goes
> IP number - reverse lookup - act on the resultant hostname?
> What happens if there is no hostname? (not that we accept mail from such
> servers, but others may) Will it just not match or throw an error? It
> might be helpful to actually match against "no hostname".

Then the condition "host:" will match, i.e. no hostname given in the
rule. This will also happen if your DNS times out or something else
nasty happens so that it cannot resolve the hostname.

> It looks easily forgeable to me. e.g. if a spammer wants to send a lot of
> spam pertaining to come from gmail.com addresses from a host where he has
> control over PTR records he can easily "forge" the PTR to something at
> gmail.com and take advantage of any possible whitelisting. So, I think a
> word of caution in the comments about using this feature for general
> whitelisting of freemailers might be advisable.

I was mostly thinking that people would use it for their own customers'
advantage. Yes, PTR records can be forged, it's a fact of life. I guess
that's why a lot of firewall products don't dynamically allow this sort
of thing to go on, but I thought you might find it useful.

I have just added anti-spoofing (you can write a rule condition that
says "host:_SPOOFED_" to match spoofed hosts) and release 4.77.9.

Julian Field MEng CITP CEng
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Need help fixing or optimising your systems?
Need help getting you started solving new requirements from your boss?
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner
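
Added example, not part of the original message and not MailScanner's code: the thread does not say how MailScanner decides that a host is spoofed, so this sketch assumes the usual forward-confirmed reverse DNS check (PTR lookup, then a forward lookup that must return the connecting IP). The function names, the rule-matching helper and the DNS data are hypothetical and constructed; the three outcomes mirror the thread: empty hostname, `_SPOOFED_`, or a confirmed hostname.

```python
import fnmatch
import ipaddress

# Constructed sample DNS data using documentation address ranges, not real records.
PTR = {
    "192.0.2.10": "mail.customer.example",  # honest host
    "198.51.100.7": "mx1.gmail.com",        # PTR chosen by whoever runs the reverse zone
}
FORWARD = {
    "mail.customer.example": ["192.0.2.10"],
    "mx1.gmail.com": ["203.0.113.25"],      # forward zone does not list 198.51.100.7
}

def classify_host(ip, ptr_lookup, forward_lookup):
    """Return '' (no hostname), '_SPOOFED_', or the forward-confirmed hostname."""
    try:
        name = ptr_lookup(ip)
    except Exception:            # DNS timeout or other failure: treated as no hostname
        return ""
    if not name:
        return ""
    name = name.rstrip(".").lower()
    try:
        addrs = forward_lookup(name)
    except Exception:            # assumption: an unconfirmable name is not trusted
        addrs = []
    want = ipaddress.ip_address(ip)
    confirmed = any(ipaddress.ip_address(a) == want for a in addrs)
    return name if confirmed else "_SPOOFED_"

def rule_matches(pattern, ip, ptr_lookup=PTR.get,
                 forward_lookup=lambda n: FORWARD.get(n, [])):
    """Match a hypothetical 'host:' wildcard pattern against the classified host."""
    host = classify_host(ip, ptr_lookup, forward_lookup)
    if pattern in ("", "_SPOOFED_"):
        return host == pattern
    # A wildcard rule only ever sees names that passed forward confirmation.
    return host not in ("", "_SPOOFED_") and fnmatch.fnmatchcase(host, pattern.lower())

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.99"):
        print(ip, repr(classify_host(ip, PTR.get, lambda n: FORWARD.get(n, []))))
```

With live DNS, `socket.gethostbyaddr` and `socket.getaddrinfo` can be wrapped to supply the two lookup callables.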