
Mailfront Plugin Check Helo

Table of Contents

  • Introduction
  • Environment Configuration
  • Sender Action
  • Recipient Action
  • Data Action
  • Message Action
  • Requirements
  • Installation
  • Mailfront Plugins Configuration
  • License
  • Changes
  • Download

Introduction

Last Updated: 19 Mar 2019 GMT +8.

A mailfront plugin that can reject, defer, or add its HELO name checking results to the message header.

Reference:

IMPORTANT: This plugin is written for and tested with mailfront 2.22 and bglibs 2.04.

Environment Configuration

  1. If $HELO_CHECK_SKIP is set, this plugin is skipped.
  2. If $RELAYCLIENT is set, the plugin adds to the message header and skips the remaining checks. Example of message header added:
    X-HELO-Check-Result: SKIPPED
    X-HELO-Check-Summary: $RELAYCLIENT is set for 1.2.3.4
  3. If the sender is authenticated, the plugin adds to the message header and skips the remaining checks. Example of message header added:
    X-HELO-Check-Result: SKIPPED
    X-HELO-Check-Summary: authenticated user from 1.2.3.4
  4. If $RBLSMTPD is set and empty, the plugin adds to the message header and skips the remaining checks.
  5. If $HELO_CHECK_MATCH_IP is set, this plugin checks whether ${PROTO}REMOTEIP and the HELO name's IP are the same. If this check fails, the plugin skips all remaining checks and adds to the message header, defers or rejects accordingly.
  6. If $HELO_CHECK_MATCH_IP_CLASS is set, this plugin checks whether ${PROTO}REMOTEIP and the HELO name's IP are in the same IP class. If this check fails, the plugin skips all remaining checks and adds to the message header, defers or rejects accordingly.
  7. If $HELO_CHECK_REMOTEIP_MATCH is set and ${PROTO}REMOTEIP is a valid IPv4 address, this plugin checks whether its first 3 octets (within the same class C) match one of the HELO name's A records. If there isn't a match, it adds headers, defers or rejects accordingly. If there is a match, it adds headers if $HELO_CHECK_ADD_HEADER is set and skips the rest of the checks. Example of message header added:

  8. If $HELO_CHECK_REJECT is set, the sender is rejected with reply code 553 if any of the above checks fails.
  9. If $HELO_CHECK_DEFER is set, the sender is deferred with reply code 451 if any of the above checks fails. NOTE: $HELO_CHECK_DEFER takes precedence over $HELO_CHECK_DEFER.
  10. If $HELO_CHECK_ADD_HEADER is set, this plugin adds its checking result to the header of each accepted mail message.
  11. If $HELO_CHECK_VERBOSE is set, this plugin logs all of its checks to stderr.

Sender Action

When the sender issues the HELO command, this plugin sets the environment variable $SENDER_HELO_HOSTNAME to the HELO name given by the sender and performs its HELO checking.

The following are rejected, deferred or noted in the message headers, according to the environment variable configuration:

HELO (empty)
HELO localhost (without a period)
HELO .com (starts with a period)
HELO fake.com. (ends with a period)
HELO !@#$%^&* (characters not normally allowed in domain names)
HELO [192.168.1.1] (starts with [ or ends with ])
HELO 192.168.1.1 (IPv4 Address not allowed)

If $HELO_CHECK_REMOTEHOST is set, then the HELO name must match the remotehost name.

If $HELO_CHECK_MATCH_IP is set, then one of the HELO name's A/AAAA records must match the remoteip.

If $HELO_CHECK_MATCH_IP_CLASS is set, then one of the HELO name's A/AAAA records must match the remoteip IP class.
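
The syntax rules listed above and the first-3-octet comparison described for $HELO_CHECK_REMOTEIP_MATCH, as an added C example that is not the plugin's own code. The function names, result codes and the allowed character set (letters, digits, hyphen, period) are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example (not the plugin's own names). */
enum helo_result { HELO_OK, HELO_EMPTY, HELO_NO_DOT, HELO_LEADING_DOT,
                   HELO_TRAILING_DOT, HELO_BRACKET, HELO_BAD_CHAR,
                   HELO_IPV4_LITERAL };

/* Apply the syntax rules listed above to a HELO argument. */
enum helo_result helo_syntax_check(const char *helo)
{
  struct in_addr a;
  size_t len = helo ? strlen(helo) : 0;

  if (len == 0) return HELO_EMPTY;
  if (helo[0] == '[' || helo[len - 1] == ']') return HELO_BRACKET;
  if (helo[0] == '.') return HELO_LEADING_DOT;
  if (helo[len - 1] == '.') return HELO_TRAILING_DOT;
  for (size_t i = 0; i < len; i++) {
    unsigned char c = (unsigned char)helo[i];
    /* Assumed allowed set: letters, digits, hyphen and period. */
    if (!isalnum(c) && c != '-' && c != '.') return HELO_BAD_CHAR;
  }
  if (strchr(helo, '.') == NULL) return HELO_NO_DOT;
  if (inet_pton(AF_INET, helo, &a) == 1) return HELO_IPV4_LITERAL;
  return HELO_OK;
}

/* Return 1 when both strings are IPv4 addresses sharing their first 3 octets. */
int same_class_c(const char *remoteip, const char *a_record)
{
  struct in_addr r, h;
  if (inet_pton(AF_INET, remoteip, &r) != 1) return 0;
  if (inet_pton(AF_INET, a_record, &h) != 1) return 0;
  return (ntohl(r.s_addr) & 0xFFFFFF00u) == (ntohl(h.s_addr) & 0xFFFFFF00u);
}

int main(void)
{
  /* Constructed inputs: the cases listed above plus one valid name. */
  const char *s[] = { "", "localhost", ".com", "fake.com.", "!@#$%^&*",
                      "[192.168.1.1]", "192.168.1.1", "mail.example.com" };
  for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
    printf("%-18s -> %d\n", s[i], (int)helo_syntax_check(s[i]));
  printf("same class C: %d\n", same_class_c("192.0.2.10", "192.0.2.25"));
  return 0;
}
```

The syntax checks run before any DNS lookup, so malformed names are classified without a resolver round trip.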

Recipient Action

None.

Data Action

If neither $HELO_CHECK_REJECT nor $HELO_CHECK_DEFER is set, this plugin adds its HELO name checking result to the message header; otherwise it rejects or defers accordingly if the sender is not authenticated.

X-HELO-Check-Result: PASSED
X-HELO-Check-Summary: There is 1 A record for sender_helo_name, 1 PTR record and 1 PTR record resolves to the same hostname.

This plugin will log to stderr.

Message Action

None.

Requirements

  • mailfront version 2.22 or later (might work with earlier versions)
  • bglibs version 2.04 or later (might work with earlier versions)

Installation

  • Build and install mailfront
  • Switch back to this package
  • Adjust the contents of the conf-* files
  • Build the sources by running "make"
  • Install the plugin by running "make install"

Mailfront Plugins Configuration

Place check-helo in mailfront's plugin list. Depending on your setup:

  • edit the smtpfront-qmail shell script and place the string check-helo after add-received
  • edit the PLUGINS environment variable and place the string check-helo after add-received
  • place the argument check-helo after the add-received of the mailfront command

Set up the environment as described in Environment Configuration above or in plugin-check-helo.html, which is included in the package.

License

This package is copyright © 2013 Giam Teck Choon or CHOON.NET, and may be copied according to the GNU GENERAL PUBLIC LICENSE (GPL) Version 2 or a later version. A copy of this license is included with this package. This package comes with no warranty of any kind.

Changes

  • 24 May 2013 GMT+8 : release version 0.01
      • Initial release
  • 25 May 2013 GMT+8 : release version 0.02
      • Add define macro MAX_DNSIP_RECORDS default to 10 if not define and update function check_hostname to have this limit
  • 30 May 2013 GMT+8 : release version 0.03
      • Fix plugin-check-helo.html
      • spec: Update and bump to version 0.03
      • Update plugin-check-helo.html
      • Update README
      • Add match_ipv4 function, implement $HELO_CHECK_REMOTEIP and $HELO_CHECK_REMOTEIP_MATCH
      • Add init_HostDNSIP function, redo struct HostDNSIP and free_HostDNSIP function
      • Implement support environment variable $HELO_CHECK_VERBOSE
  • 31 May 2013 GMT+8 : release version 0.04
      • Fix typo in resp.number to 421 instead of 451 if $HELO_CHECK_DEFER is set
      • Change return value in check_hostname function to actual ret value instead of 0
      • If ret == EAI_MEMORY return Out of Memory error in response in function response *sender besides int outofmemory greater than 0
      • If resp.number is greater than 0 and ret == EAI_NONAME, defer or reject accordingly in function response *sender otherwise defer the mail for remote MTA to retry later as failsafe
  • 07 Jun 2013 GMT+8 : release version 0.05
      • Change response numbers for defer (451) and reject (553) to follow what we used for rblsmtpd instead
      • Add support to skip this plugin if $RBLSMTPD is set and empty
      • Various bugs fixed mainly due to str_free() those not suppose to for static str declarations
      • Rename declaration of str errormsg to str estr
  • 23 Jun 2013 GMT+8 : release version 0.06
      • Add new define elogerr function and simplified those printing to stderr log
      • Change coding style to 2 spacing instead of using TAB as there is no reason to follow kernel coding style
      • Add $HELO_CHECK_PTR_MATCH support
      • Add $HELO_CHECK_ADD_HEADER support
      • Update README and plugin-check-helo.html
  • 07 Aug 2013 GMT+8 : release version 0.07
      • Fix typo in plugin-check-helo.html
      • Fix another typo in plugin-check-helo.html
      • Update Makefile
      • Update Makefile again
      • Add IPv6 support
      • Update doc and spec file
      • spec file: Add BuildRequires: libowfat-devel >= 0.29 and Requires: libowfat-shared
  • 19 Mar 2019 GMT+8 : release version 0.08
      • Remove plugin-check-helo.html
      • Update Makefile to remove libowfat dependencies
      • Update README and CHANGES
      • spec file: Remove BuildRequires: libowfat-devel and Requires: libowfat-shared
      • Update spec

Download

  • 0.01 md5sum 492f4f3c32cd60f3d0ee15e6bc1170d8
  • 0.02 md5sum f1588629f2add4e32d425ecad5aeece6
  • 0.03 md5sum ab6804f94ba06852900e1c2052d8d0c9
  • 0.04 md5sum f4356d449bf17ddec3f83eda94c8b4ad
  • 0.05 md5sum b78c2d82e25006acdbb7e8bdc96e6fd6
  • 0.06 md5sum 6f84c962a86cd3cd244b603b7c4cbcc7
  • 0.07 md5sum 78437922f0693215da77204ead27b27f
  • 0.08 md5sum 9c32da1545be9698185625a0cc46530c