New feature - hostname lookups in rulesets

Desai, Jason jase at
Fri Jun 5 16:47:15 IST 2009

> -----Original Message-----
> I have just added a new feature which I hope you will find useful.
> It struck me that it has always been really awkward to have to use IP
> addresses in the "From:" lines in rulesets, and wouldn't it be a lot
> easier to be able to use hostnames or domain names, with wildcards,
> stuff like that.
> So now you can.
> You just put "host:" at the start of the hostname or domain name (or
> wildcard or regexp or whatever) and it matches it against the hostname
> of the SMTP client that sent the message to MailScanner.
> So you can now do rules such as these:
> From: host:localhost.localdomain yes
> From: yes
> From: host:mailgate* yes
> From: yes
> From: yes
> From: host:example.* yes
> From: host:/\.(de|dk|es)$/ yes
> and all sorts of things like that.

Do you do any checking of the host name?  For example, it would be
trivial for someone who controls DNS for a range of IPs to set their PTR
records to whatever they wish.  To make it a little more difficult to
abuse, I'd suggest doing an A lookup and verifying that the IP of the
name matches the IP that the mail came from.  It will require a few more
lookups and logic, but I would think it's worth it.  Of course, not all
domains have matching PTR and A records.  Maybe make this additional
check optional?  I just don't want to see this get abused.


This message is intended only for the addressee and may contain information that is company confidential or privileged.  Any technical data in this message may be exported only in accordance with the U.S. International Traffic in Arms Regulations (22 CFR Parts 120-130) or the Export Administration Regulations (15 CFR Parts 730-774). Unauthorized use is strictly prohibited and may be unlawful. If you are not the intended recipient, or the person responsible for delivering to the intended recipient, you should not read, copy, disclose or otherwise use this message. If you have received this email in error, please delete it, and advise the sender immediately.                                                                                                                                                                                                                                                        

More information about the MailScanner mailing list