MailScanner ANNOUNCE: Stable 4.77 released

Julian Field MailScanner at ecs.soton.ac.uk
Mon Jun 1 16:14:41 IST 2009 


On 01/06/2009 15:31, Kai Schaetzl wrote:
> Julian Field wrote on Mon, 01 Jun 2009 10:00:20 +0100:
>
>    
>> - You can finally use hostname, domain name, partial domain names
>> including wildcards and Perl regular expressions to make a ruleset line
>> apply to the name of the host the message came from, instead of having
>> to just use the numerical IP address.
>>      
> Do I understand it correctly that it goes
> IP number - reverse lookup - act on the resultant hostname?
>    
Yes.
> 1.
> What happens if there is no hostname? (not that we accept mail from such
> servers, but others may) Will it just not match or throw an error? It
> might be helpful to actually match against "no hostname".
>    
Then the condition "host:" will match, i.e. no hostname given in the 
rule. This will also happen if your DNS times out or something else 
nasty happens so that it cannot resolve the hostname.
> 2.
> It looks easily forgable to me. e.g. if a spammer wants to send a lot of
> spam pertaining to come from gmail.com addresses from a host where he has
> control over PTR records he can easily "forge" the PTR to something at
> gmail.com and take advantage of any possible whitelisting. So, I think a
> word of caution in the comments about using this feature for general
> whitelisting of freemailers might be advisable.
>    
I was mostly thinking that people would use it for their own customers' 
advantage. Yes, PTR records can be forged, it's a fact of life. I guess 
that's why a lot of firewall products don't dynamically allow this sort 
of thing to go on, but I thought you might find it useful.

I have just added anti-spoofing (you can write a rule condition that 
says "host:_SPOOFED_" to match spoofed hosts) and release 4.77.9.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list