 def _check_helo(relay):
     """Return True when the relay's HELO is a literal, non-private IPv4 address.

     ``relay`` is a relay dict (as found in ``msg.untrusted_relays``); only its
     ``"helo"`` entry is read.  A HELO that does not parse as an IPv4 address -
     a hostname, an IPv6 literal, garbage, an empty string or a missing key -
     yields False, as does an IPv4 literal that the module-level ``IP_PRIVATE``
     regex classifies as private.  The HELO text comes from an untrusted
     ``Received:`` header, so nothing about its shape is assumed.
     """
     helo_name = relay.get("helo")
     try:
         ipaddress.IPv4Address(helo_name)
     except ValueError:
         # Covers AddressValueError too (a ValueError subclass), i.e. "not an
         # IPv4 literal" in any form, including None.
         return False
     # A successfully parsed address implies a non-empty value; the truthiness
     # test is kept so the guard reads the same way as the other relay checks.
     return bool(helo_name) and not IP_PRIVATE.match(helo_name)
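    def check_for_sender_no_reverse(self, msg, option=None, target=None):
        """Check the apparent sender relay for the "no reverse lookup" pattern.

        The apparent sender is the last entry of ``msg.untrusted_relays``, e.g.
        the relay parsed from a header like::

            Received: from mx1.eudoramail.com ([204.32.147.84])

        ``option`` and ``target`` are accepted for eval-rule signature
        compatibility and are not used.

        Returns False when there are no untrusted relays, when the last relay
        is empty, when its ``rdns`` contains no dot (domainless or absent), or
        when its ``ip`` matches the module-level ``IP_PRIVATE`` regex; True
        otherwise.

        NOTE(review): the dot test on ``rdns`` makes this return False for a
        relay with *no* rDNS at all, which reads oddly against the "no reverse
        lookup" wording - confirm against the reference implementation whether
        ``rdns`` or ``helo`` is the intended field before relying on this rule.
        """
        if not msg.untrusted_relays:
            return False
        srcvd = msg.untrusted_relays[-1]
        if not srcvd:
            return False
        # Header fields are attacker-controlled and may be absent; a missing
        # value is treated as "" so a malformed header makes the rule return
        # False instead of raising TypeError out of rule evaluation.
        rdns = srcvd.get("rdns") or ""
        if "." not in rdns:
            return False
        if IP_PRIVATE.match(srcvd.get("ip") or ""):
            return False
        return True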
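 def _check_for_forged_received(self, msg):
     """Count HELO/rDNS inconsistencies across the untrusted relay chain.

     Walks ``msg.untrusted_relays`` once and publishes two counters through
     ``self.set_global``:

     * ``mismatch_ip_helo`` - relays whose (domain-normalised) HELO parses as
       an IPv4 address that differs from the connecting IP, lies in a different
       /16 than it, and is not matched by the module-level ``IP_PRIVATE`` regex.
     * ``mismatch_from`` - relays whose ``by`` host differs from the rDNS name
       of the preceding relay, unless ``self._helo_forgery_whitelisted`` returns
       a truthy value for that pair.

     Every value compared here comes from untrusted ``Received:`` headers and
     is treated as attacker-controlled text: unparsable addresses are ignored
     rather than raised, and a missing rDNS is treated as an empty string so a
     malformed header cannot abort rule evaluation.

     NOTE(review): ``[\\w.-]`` in ``hostname_re`` already includes '.', so the
     repeated group ``(?:[\\w.-]+\\.)+`` can backtrack heavily on long dot-runs
     that ultimately fail to match (a ``by`` host is attacker-supplied).
     Consider bounding hostname length or tightening the class to ``[\\w-]``
     after confirming the intended matches with the reference implementation.
     """
     mismatch_from = 0
     mismatch_ip_helo = 0
     hostname_re = Regex(r"^\w+(?:[\w.-]+\.)+\w+$")
     relays = msg.untrusted_relays
     for index, relay in enumerate(relays):
         from_ip = relay.get("ip")
         from_host = self.hostname_to_domain(relay.get("rdns"))
         by_host = self.hostname_to_domain(relay.get("by"))
         helo_host = self.hostname_to_domain(relay.get("helo"))
         # Without a plausible "by" host there is nothing to compare against.
         if not by_host or not hostname_re.match(by_host):
             continue
         # A loopback connecting IP is logged as "undef"; from_host is only
         # used in the debug line below, so this affects logging only.
         if from_host and from_ip == '127.0.0.1':
             from_host = "undef"
         self.ctxt.log.debug("eval: forged-HELO: from=%s helo=%s by=%s" % (
             from_host if from_host else "(undef)",
             helo_host if helo_host else "(undef)",
             by_host if by_host else "(undef)"
         ))
         # Compare the /16 of the connecting IP with the /16 of an IP-literal
         # HELO.  IPv4Network() raises ValueError (AddressValueError) for
         # anything that is not a plain IPv4 address, including None; such
         # values become "" and are skipped.  supernet(16) on a /32 is the /16.
         try:
             ip_netmask_16 = ipaddress.IPv4Network(from_ip).supernet(16)
         except ValueError:
             ip_netmask_16 = ""
         try:
             helo_netmask_16 = ipaddress.IPv4Network(helo_host).supernet(16)
         except ValueError:
             helo_netmask_16 = ""
         # A HELO equal to the connecting IP is consistent and not counted.
         if ip_netmask_16 and helo_netmask_16 and from_ip != helo_host:
             if (ip_netmask_16 != helo_netmask_16 and
                     not IP_PRIVATE.match(helo_host)):
                 self.ctxt.log.debug("eval: forged-HELO: massive mismatch "
                                     "on IP-addr HELO: %s != %s" %
                                     (helo_host, from_ip))
                 mismatch_ip_helo += 1
         # The first relay has no predecessor; test the index before indexing
         # so relays[-1] is never read by accident.
         if index == 0:
             continue
         prev = relays[index - 1]
         if not prev:
             continue
         # Missing rDNS on the previous hop is "" rather than None so the regex
         # match cannot raise TypeError on a malformed header.
         prev_from_host = prev.get("rdns") or ""
         if (hostname_re.match(prev_from_host)
                 and by_host != prev_from_host
                 and not self._helo_forgery_whitelisted(by_host,
                                                        prev_from_host)):
             self.ctxt.log.debug("eval: forged-HELO: mismatch on from: "
                                 "%s != %s" % (prev_from_host, by_host))
             mismatch_from += 1
     self.set_global("mismatch_from", mismatch_from)
     self.set_global("mismatch_ip_helo", mismatch_ip_helo)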
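 def check_for_no_rdns_dotcom_helo(self, msg, option=None, target=None):
     """Flag an untrusted relay that HELOs as a big mail provider but has no rDNS.

     Relays whose ``ip`` matches the module-level ``IP_PRIVATE`` regex, or
     which present no HELO at all, are skipped.  Among the remaining relays
     only the *last* one (in ``msg.untrusted_relays`` order) determines the
     result: each such relay resets the flag, so a suspicious earlier hop does
     not carry through.  The heuristic assumes a genuine host of one of the
     listed providers has reverse DNS, so provider-HELO plus empty rDNS is
     treated as a forgery indicator.

     ``option`` and ``target`` are accepted for eval-rule signature
     compatibility and are not used.

     Returns True when that relay's HELO ends in one of the listed provider
     domains (optionally preceded by a subdomain) and its ``rdns`` is empty,
     else False.
     """
     # Built once per call instead of once per relay as before; the pattern is
     # constant.  NOTE(review): the match is case-sensitive unless ``Regex``
     # adds IGNORECASE - a HELO of "HOTMAIL.COM" would then not match; confirm.
     big_isp_re = Regex(
         r".*(?:\.|^)(lycos\.com|lycos\.co\.uk|hotmail\.com"
         r"|localhost\.com|excite\.com|caramail\.com|"
         r"cs\.com|aol\.com|msn\.com|yahoo\.com|"
         r"drizzle\.com)$")
     no_rdns_dotcom_helo = False
     for relay in msg.untrusted_relays:
         # Private/reserved source addresses are internal hops, not the sender.
         # A missing ip is treated as "" so a malformed header cannot raise.
         if IP_PRIVATE.match(relay.get("ip") or ""):
             continue
         helo_host = relay.get("helo")
         if not helo_host:
             continue
         # Only the last relay reaching this point decides the outcome.
         no_rdns_dotcom_helo = False
         if big_isp_re.match(helo_host) and not relay.get("rdns"):
             no_rdns_dotcom_helo = True
     return no_rdns_dotcom_helo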