helo: stop processing after first match
parent
9bea21bc75
commit
3ba8e12155
@ -371,6 +371,7 @@ sub is_forged_literal {
|
|||||||
my ( $self, $host ) = @_;
|
my ( $self, $host ) = @_;
|
||||||
return if $host !~ m/^\[(\d{1,3}\.){3}\d{1,3}\]$/;
|
return if $host !~ m/^\[(\d{1,3}\.){3}\d{1,3}\]$/;
|
||||||
|
|
||||||
|
# should we add exceptions for reserved internal IP space? (192.168,10., etc?)
|
||||||
$host = substr $host, 1, -1;
|
$host = substr $host, 1, -1;
|
||||||
return if $host eq $self->qp->connection->remote_ip;
|
return if $host eq $self->qp->connection->remote_ip;
|
||||||
return ("Forged IPs not accepted here", "forged IP literal");
|
return ("Forged IPs not accepted here", "forged IP literal");
|
||||||
@ -410,6 +411,7 @@ sub no_forward_dns {
|
|||||||
next unless $rr->type =~ /^(?:A|AAAA)$/;
|
next unless $rr->type =~ /^(?:A|AAAA)$/;
|
||||||
$self->check_ip_match( $rr->address );
|
$self->check_ip_match( $rr->address );
|
||||||
$hits++;
|
$hits++;
|
||||||
|
last if $self->connection->notes('helo_forward_match');
|
||||||
}
|
}
|
||||||
if ( $hits ) {
|
if ( $hits ) {
|
||||||
$self->log(LOGDEBUG, "pass, forward DNS") if $hits;
|
$self->log(LOGDEBUG, "pass, forward DNS") if $hits;
|
||||||
@ -449,6 +451,9 @@ sub no_reverse_dns {
|
|||||||
sub no_matching_dns {
|
sub no_matching_dns {
|
||||||
my ( $self, $host ) = @_;
|
my ( $self, $host ) = @_;
|
||||||
|
|
||||||
|
# this is called iprev, or "Forward-confirmed reverse DNS" and is discussed in RFC 5451
|
||||||
|
# consider adding header: Authentication-Results
|
||||||
|
|
||||||
if ( $self->connection->notes('helo_forward_match') &&
|
if ( $self->connection->notes('helo_forward_match') &&
|
||||||
$self->connection->notes('helo_reverse_match') ) {
|
$self->connection->notes('helo_reverse_match') ) {
|
||||||
$self->log( LOGDEBUG, "foward and reverse match" );
|
$self->log( LOGDEBUG, "foward and reverse match" );
|
||||||
|
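Review bot: The early exit added in no_forward_dns, `last if $self->connection->notes('helo_forward_match');`, tests a connection-scoped note, and nothing in the visible lines clears that note when a client sends a second HELO/EHLO on the same connection. If the note is still set from an earlier greeting, the loop would stop after the first A/AAAA record of the new name, and no_matching_dns would then log "foward and reverse match" on a stale result. I would reset both notes before the lookups begin, e.g. `$self->connection->notes('helo_forward_match', 0);` and the same for `helo_reverse_match`, or have check_ip_match return its result and test that instead of the note. The bodies of no_forward_dns and no_matching_dns extend beyond the hunks, so a reset may already exist outside the lines shown.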