helo: added is_plain_ip to lenient checks

there's no excuse for a client to ever send a raw IP, and I have yet to see a valid client do it
This commit is contained in:
Matt Simerson 2012-06-30 14:18:16 -04:00
parent 3a50137b34
commit 5bc212b890

View File

@ -106,25 +106,25 @@ Default: lenient
=head3 lenient =head3 lenient
Reject failures of the following tests: is_in_badhelo, invalid_localhost, and Reject failures of the following tests: is_in_badhelo, invalid_localhost,
is_forged_literal. is_forged_literal, and is_plain_ip.
This setting is lenient enough not to cause problems for your Windows users. This setting is lenient enough not to cause problems for your Windows users.
It is comparable to running check_spamhelo, but with the addition of regexp It is comparable to running check_spamhelo, but with the addition of regexp
support and the prevention of forged localhost and forged IP literals. support, the prevention of forged localhost, forged IP literals, and plain
IPs.
=head3 rfc =head3 rfc
Per RFC 2821, the HELO hostname is the FQDN of the sending server or an Per RFC 2821, the HELO hostname is the FQDN of the sending server or an
address literal. When I<policy rfc> is selected, all the lenient checks and address literal. When I<policy rfc> is selected, all the lenient checks and
the following are enforced: is_plain_ip, is_not_fqdn, no_forward_dns, and the following are enforced: is_not_fqdn, no_forward_dns, and no_reverse_dns.
no_reverse_dns.
If you have Windows users that send mail via your server, do not choose If you have Windows users that send mail via your server, do not choose
I<policy rfc> without I<reject naughty> and the B<naughty> plugin. Windows I<policy rfc> without settings I<reject naughty> and using the B<naughty>
users often send unqualified HELO names and will have trouble sending mail. plugin. Windows PCs often send unqualified HELO names and will have trouble
<Naughty> can defer the rejection, and if the user subsequently authenticates, sending mail. The B<naughty> plugin defers the rejection, and if the user
the rejection will be cancelled. subsequently authenticates, the rejection is be cancelled.
=head3 strict =head3 strict
@ -259,11 +259,10 @@ sub populate_tests {
my $self = shift; my $self = shift;
my $policy = $self->{_args}{policy}; my $policy = $self->{_args}{policy};
@{ $self->{_helo_tests} } = qw/ is_in_badhelo invalid_localhost is_forged_literal /; @{ $self->{_helo_tests} } = qw/ is_in_badhelo invalid_localhost is_forged_literal is_plain_ip /;
if ( $policy eq 'rfc' || $policy eq 'strict' ) { if ( $policy eq 'rfc' || $policy eq 'strict' ) {
push @{ $self->{_helo_tests} }, qw/ is_plain_ip is_not_fqdn push @{ $self->{_helo_tests} }, qw/ is_not_fqdn no_forward_dns no_reverse_dns /;
no_forward_dns no_reverse_dns /;
}; };
if ( $policy eq 'strict' ) { if ( $policy eq 'strict' ) {