Plugin: check-helo

This plugin provides an ability to reject, defer or add it's helo name checking results to message header.

IMPORTANT: This plugin is written for and tested with mailfront 2.00 but should work with version 1.12 and above.

Configuration

$HELO_CHECK_REJECT

If set, sender's mail will be rejected with repy code 554. This take preference of $HELO_CHECK_DEFER.

$HELO_CHECK_DEFER

If set, sender's mail will be deferred with repy code 421.

$HELO_CHECK_SKIP

If set, this plugin will be skipped.

$RELAYCLIENT

If set, this plugin will be skipped.

$HELO_CHECK_REMOTEHOST

If set, this plugin will check helo hostname and remotehost whether both are the same otherwise add headers or defer or reject accordingly.

$HELO_CHECK_PTR

If set, this plugin will make sure the PTR record resolves to the same given helo name. If this is not set, this plugin will only check for PTR record of the given helo name's IP exists.

DEFAULT

If all the mentioned variables not set and sender is not authenticated, this plugin will add it's helo name checking in each message header.

Sender Action

When sender issue HELO command, this plugin will set the environment variable $SENDER_HELO_HOSTNAME to the sender given helo name and do it's helo checking.

The following will be rejected, deferred or add to message headers accordingly to the environment variables configuration:

HELO (empty)
HELO localhost (without a period)
HELO .com (starts with a period)
HELO fake.com. (ends with a period)
HELO !@#$%^&* (characters not normally allowed in domain names)
HELO [192.168.1.1] (starts with [ or ends with ])
HELO 192.168.1.1 (IPv4 Address not allowed)

If $HELO_CHECK_REMOTEHOST is set, then the helo name must match the remotehost name.

Recipient Action

None

Data Action

If $HELO_CHECK_REJECT or $HELO_CHECK_DEFER not set, this plugin will add it's helo name checking result to the message header otherwise it will reject or defer accordingly if sender is not authenticated. 

X-HELO-Check-Result: PASSED
X-HELO-Check-Summary: There is 1 A record for sender_helo_name, 1 PTR record and 1 PTR record resolves to the same hostname.

This plugin will log to stderr as an example below:

mailfront-plugin-check-helo[pid]: Start checking heloname=sender_helo_name
mailfront-plugin-check-helo[pid]: ip[0]=sender_ip ptr[0]=sender_hostname_from_ptr_lookup ptr=YES||NO check=PASSED||FAILED

NOTE: If ip[N] and ptr[N] are the same means PTR DNS lookup for the ip failed.

Message Action

None