MoinQ:

1. helodnscheck2.c

当面はこれでいく。

環境変数: HELO_DNS_CHECK default: DLR に設定した。

h_errno が non-zero, HOST_NOT_FOUNDでない場合: block_permanent とする。

-- ToshinoriMaeno 2022-05-08 04:43:59

 [default] - deny if HELO doesn't solve to a record  ((--> DLR))
        P - passthrough, don't deny even HELO don't solve to A record
            (of course, use with L and/or H)
        D - deny if TCPREMOTEIP not contained in the addresses solved
        L - log
        H - add header "X-Helo-Check"
        R - if "RELAYCLIENT" is set, don't do anything

1.1. history

@40000000623b9b2539994704 tcpserver: ok 3317 odns.info:153.126.187.246:25 smtp.krebsonsecurity.com:198.251.81.28::39499
@40000000623b9b26148d8b14 helo-dns-check: HELO [krebsonsecurity.com] doesn't match IP [198.251.81.28]
@40000000623b9b26148d8efc helo-dns-check: blocked with: HELO/EHLO command must provide FQDN that match your IP address.

1.2. temporary failed

--> blocked に変更ずみ。

@4000000062734a1e22d3ee84 tcpserver: pid 4722 from 157.52.184.6
@4000000062734a1e23d46e94 tcpserver: ok 4722 odns.info:153.126.187.246:25 resonances.diskpages.com:157.52.184.6::61767
@4000000062734a1e2f9e44fc HELO DNS CHECK temporary failed, but let it go.
@4000000062734a2908206be4 info: pid: 4722 ip: 157.52.184.6 from: info@mobilesuica.com to: tmaeno-dbox@m.qmail.jp count: 1
@4000000062734a292e9bb1ac tcpserver: end 4722 status 0
@4000000062734a292e9bb594 tcpserver: status: 0/4/0

From info@mobilesuica.com Thu May 05 03:53:04 2022
Return-Path: <info@mobilesuica.com>
Delivered-To: ***-dbox@m.qmail.jp
Received: (qmail 11724 invoked from network); 5 May 2022 03:53:04 -0000
Received: from ik1-329-24992.vs.sakura.ne.jp (HELO mx.m.odns.info)
        (153.126.187.246)
        by m.qmail.jp with SMTP; 5 May 2022 03:53:04 -0000
Received: (qmail 4728 invoked from network); 5 May 2022 03:53:03 -0000
Received: from resonances.diskpages.com (HELO mobilesuica.com) (157.52.184.6)
        by odns.info with SMTP; 5 May 2022 03:53:03 -0000
Sender: info@mobilesuica.com
Message-ID: <20220504235303632781@mobilesuica.com>
From: モバイルSuica <info@mobilesuica.com>
To: ***-dbox@m.qmail.jp
Subject: 「モバイルSuica」お支払い情報更新
Date: Wed, 4 May 2022 23:52:58 +0800

1.3. SPFでも拒否に

mobilesuica.com.        66286   IN      TXT     "v=spf1 +ip4:157.71.16.211 +ip4:157.71.16.212/30 +ip4:157.71.16.216/29 +ip4:157.71.16.224/29 +ip4:157.71.16.232 +ip4:124.146.170.8 +ip4:124.146.170.9 +ip4:157.72.65.128/26 +ip4:157.72.64.224/27 -all"


CategoryDns CategoryWatch CategoryTemplate

MoinQ: qmail/spp/badhelo (last edited 2023-06-01 04:24:38 by ToshinoriMaeno)