helo: stop processing after first match

This commit is contained in:
Matt Simerson 2013-03-26 22:14:26 -04:00
parent 9bea21bc75
commit 3ba8e12155

View File

@ -371,6 +371,7 @@ sub is_forged_literal {
my ( $self, $host ) = @_; my ( $self, $host ) = @_;
return if $host !~ m/^\[(\d{1,3}\.){3}\d{1,3}\]$/; return if $host !~ m/^\[(\d{1,3}\.){3}\d{1,3}\]$/;
# should we add exceptions for reserved internal IP space? (192.168,10., etc?)
$host = substr $host, 1, -1; $host = substr $host, 1, -1;
return if $host eq $self->qp->connection->remote_ip; return if $host eq $self->qp->connection->remote_ip;
return ("Forged IPs not accepted here", "forged IP literal"); return ("Forged IPs not accepted here", "forged IP literal");
@ -410,6 +411,7 @@ sub no_forward_dns {
next unless $rr->type =~ /^(?:A|AAAA)$/; next unless $rr->type =~ /^(?:A|AAAA)$/;
$self->check_ip_match( $rr->address ); $self->check_ip_match( $rr->address );
$hits++; $hits++;
last if $self->connection->notes('helo_forward_match');
} }
if ( $hits ) { if ( $hits ) {
$self->log(LOGDEBUG, "pass, forward DNS") if $hits; $self->log(LOGDEBUG, "pass, forward DNS") if $hits;
@ -449,6 +451,9 @@ sub no_reverse_dns {
sub no_matching_dns { sub no_matching_dns {
my ( $self, $host ) = @_; my ( $self, $host ) = @_;
# this is called iprev, or "Forward-confirmed reverse DNS" and is discussed in RFC 5451
# consider adding header: Authentication-Results
if ( $self->connection->notes('helo_forward_match') && if ( $self->connection->notes('helo_forward_match') &&
$self->connection->notes('helo_reverse_match') ) { $self->connection->notes('helo_reverse_match') ) {
$self->log( LOGDEBUG, "foward and reverse match" ); $self->log( LOGDEBUG, "foward and reverse match" );