|
Lines 41-47
Link Here
|
| 41 |
|
41 |
|
| 42 |
# the important bit! |
42 |
# the important bit! |
| 43 |
$self->register_eval_rule("check_for_numeric_helo"); |
43 |
$self->register_eval_rule("check_for_numeric_helo"); |
| 44 |
$self->register_eval_rule("check_for_illegal_ip"); |
|
|
| 45 |
$self->register_eval_rule("check_all_trusted"); |
44 |
$self->register_eval_rule("check_all_trusted"); |
| 46 |
$self->register_eval_rule("check_no_relays"); |
45 |
$self->register_eval_rule("check_no_relays"); |
| 47 |
$self->register_eval_rule("check_relays_unparseable"); |
46 |
$self->register_eval_rule("check_relays_unparseable"); |
|
Lines 73-79
Link Here
|
| 73 |
} |
72 |
} |
| 74 |
} |
73 |
} |
| 75 |
|
74 |
|
| 76 |
sub helo_forgery_whitelisted { |
75 |
sub _helo_forgery_whitelisted { |
| 77 |
my ($helo, $rdns) = @_; |
76 |
my ($helo, $rdns) = @_; |
| 78 |
if ($helo eq 'msn.com' && $rdns eq 'hotmail.com') { return 1; } |
77 |
if ($helo eq 'msn.com' && $rdns eq 'hotmail.com') { return 1; } |
| 79 |
0; |
78 |
0; |
|
Lines 96-127
Link Here
|
| 96 |
return 0; |
95 |
return 0; |
| 97 |
} |
96 |
} |
| 98 |
|
97 |
|
| 99 |
sub check_for_illegal_ip { |
|
|
| 100 |
my ($self, $pms) = @_; |
| 101 |
|
| 102 |
foreach my $rcvd ( @{$pms->{relays_untrusted}} ) { |
| 103 |
# (note this might miss some hits if the Received.pm skips any invalid IPs) |
| 104 |
# do we really want to chase the more recent IANA allocations? |
| 105 |
# check: http://www.iana.org/assignments/ipv4-address-space/ |
| 106 |
foreach my $check ( $rcvd->{ip}, $rcvd->{by} ) { |
| 107 |
return 1 if ($check =~ /^ |
| 108 |
(?:[0157]|22[4-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+) \.\d+\.\d+\.\d+ |
| 109 |
$/x); |
| 110 |
} |
| 111 |
} |
| 112 |
return 0; |
| 113 |
} |
| 114 |
|
| 115 |
sub sent_by_applemail { |
| 116 |
my ($self, $pms) = @_; |
| 117 |
|
| 118 |
return 0 unless ($pms->get("MIME-Version") =~ /Apple Message framework/); |
| 119 |
return 0 unless ($pms->get("X-Mailer") =~ /^Apple Mail \(\d+\.\d+\)/); |
| 120 |
return 0 unless ($pms->get("Message-Id") =~ |
| 121 |
/^<[A-F0-9]+(?:-[A-F0-9]+){4}\@\S+.\S+>$/); |
| 122 |
return 1; |
| 123 |
} |
| 124 |
|
| 125 |
# note using IPv4 addresses for now due to empty strings matching IP_ADDRESS |
98 |
# note using IPv4 addresses for now due to empty strings matching IP_ADDRESS |
| 126 |
# due to bug in pure IPv6 address regular expression |
99 |
# due to bug in pure IPv6 address regular expression |
| 127 |
sub helo_ip_mismatch { |
100 |
sub helo_ip_mismatch { |
|
Lines 375-381
Link Here
|
| 375 |
my $prev = $from[$i-1]; |
348 |
my $prev = $from[$i-1]; |
| 376 |
if (defined($prev) && $i > 0 |
349 |
if (defined($prev) && $i > 0 |
| 377 |
&& $prev =~ /^\w+(?:[\w.-]+\.)+\w+$/ |
350 |
&& $prev =~ /^\w+(?:[\w.-]+\.)+\w+$/ |
| 378 |
&& $by ne $prev && !helo_forgery_whitelisted($by, $prev)) |
351 |
&& $by ne $prev && !_helo_forgery_whitelisted($by, $prev)) |
| 379 |
{ |
352 |
{ |
| 380 |
dbg2("eval: forged-HELO: mismatch on from: '$prev' != '$by'"); |
353 |
dbg2("eval: forged-HELO: mismatch on from: '$prev' != '$by'"); |
| 381 |
$pms->{mismatch_from}++; |
354 |
$pms->{mismatch_from}++; |
