From 5bc212b890008ac6646148faff7add9ac2bfee0f Mon Sep 17 00:00:00 2001 From: Matt Simerson Date: Sat, 30 Jun 2012 14:18:16 -0400 Subject: [PATCH] helo: added is_plain_ip to lenient checks there's no excuse for a client to ever send a raw IP, and I have yet to see a valid client do it --- plugins/helo | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/plugins/helo b/plugins/helo index 58748c7..10ee6b3 100644 --- a/plugins/helo +++ b/plugins/helo @@ -106,25 +106,25 @@ Default: lenient =head3 lenient -Reject failures of the following tests: is_in_badhelo, invalid_localhost, and -is_forged_literal. +Reject failures of the following tests: is_in_badhelo, invalid_localhost, +is_forged_literal, and is_plain_ip. This setting is lenient enough not to cause problems for your Windows users. It is comparable to running check_spamhelo, but with the addition of regexp -support and the prevention of forged localhost and forged IP literals. +support, the prevention of forged localhost, forged IP literals, and plain +IPs. =head3 rfc Per RFC 2821, the HELO hostname is the FQDN of the sending server or an address literal. When I is selected, all the lenient checks and -the following are enforced: is_plain_ip, is_not_fqdn, no_forward_dns, and -no_reverse_dns. +the following are enforced: is_not_fqdn, no_forward_dns, and no_reverse_dns. If you have Windows users that send mail via your server, do not choose -I without I and the B plugin. Windows -users often send unqualified HELO names and will have trouble sending mail. - can defer the rejection, and if the user subsequently authenticates, -the rejection will be cancelled. +I without settings I and using the B +plugin. Windows PCs often send unqualified HELO names and will have trouble +sending mail. The B plugin defers the rejection, and if the user +subsequently authenticates, the rejection is be cancelled. =head3 strict @@ -259,11 +259,10 @@ sub populate_tests { my $self = shift; my $policy = $self->{_args}{policy}; - @{ $self->{_helo_tests} } = qw/ is_in_badhelo invalid_localhost is_forged_literal /; + @{ $self->{_helo_tests} } = qw/ is_in_badhelo invalid_localhost is_forged_literal is_plain_ip /; if ( $policy eq 'rfc' || $policy eq 'strict' ) { - push @{ $self->{_helo_tests} }, qw/ is_plain_ip is_not_fqdn - no_forward_dns no_reverse_dns /; + push @{ $self->{_helo_tests} }, qw/ is_not_fqdn no_forward_dns no_reverse_dns /; }; if ( $policy eq 'strict' ) {