| comp.mail.sendmail Configuring and using the BSD sendmail agent. |
#1 |
Hi,
I can't seem to figure out how to compare substrings. What I want to do is this:

1) put the sender's domain into the workspace
2) see if the domain matches anything in a class
3) if it does match, see if that domain name matches the domain name part of the HELO / EHLO string

The problem is that if the sender's domain is in the workspace, I don't know how to see if it matches just the end of the HELO / EHLO string. If the domain part of the HELO / EHLO string is in the workspace, I don't know how to compare that with just the domain part of the sender's address.

A temporary variable would do, as would a macro which defines either the sender's domain (alone) or the domain part of the HELO / EHLO string.

Does anyone have any hints about how I can do this?

My motivation is to have a list of domains from which mail will only be accepted if the HELO / EHLO also matches that domain, plus the reverse DNS resolves, matches the domain, and resolves in the forward direction as well. These would be domains such as paypal.com, westernunion.com, bankofamerica.com, and so on. These domains do not give out email addresses, and when they send email they send from servers which have the domain name in the HELO / EHLO and in reverse DNS, so I have a feeling that I'll cut down on 90% of phishing just by adding this test.

Thanks,
John Klos
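The acceptance policy described in the post above, modelled as an added Python example (not code from the thread and not a sendmail ruleset). The function names, the injected resolver callables `ptr` and `addrs`, and the sample DNS tables are constructed for illustration. Names are compared on label boundaries, so `notpaypal.com` and `paypal.com.evil.example` do not pass as `paypal.com`.

```python
# Added example: models the policy from the post; not a sendmail ruleset.
# Domains the post names as candidates for the stricter check.
PROTECTED = {"paypal.com", "westernunion.com", "bankofamerica.com"}

# Constructed DNS data (documentation address ranges) so the demo runs offline.
SAMPLE_PTR = {"192.0.2.10": ["mx1.paypal.com"], "198.51.100.7": ["mx1.paypal.com"]}
SAMPLE_A = {"mx1.paypal.com": ["192.0.2.10"]}

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it (label boundary)."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_sender(mail_from, helo, client_ip, ptr, addrs):
    """Return (accept, reason). ptr(ip) and addrs(name) are resolver callables."""
    domain = mail_from.rpartition("@")[2].strip("<>").lower().rstrip(".")
    if domain not in PROTECTED:
        return True, "sender domain is not on the protected list"
    if not in_domain(helo, domain):
        return False, "HELO/EHLO name is not within " + domain
    # Reverse DNS must name a host in the domain, and that name must
    # resolve forward to the connecting address.
    for name in ptr(client_ip):
        if in_domain(name, domain) and client_ip in addrs(name):
            return True, "HELO and forward-confirmed reverse DNS match " + domain
    return False, "reverse DNS missing, outside the domain, or not confirmed forward"

def demo():
    """Run the constructed cases and return their accept/reject decisions."""
    ptr = lambda ip: SAMPLE_PTR.get(ip, [])
    addrs = lambda name: SAMPLE_A.get(name, [])
    cases = [
        ("<service@paypal.com>", "mx1.paypal.com", "192.0.2.10"),
        ("<service@paypal.com>", "notpaypal.com", "192.0.2.10"),
        ("<service@paypal.com>", "paypal.com.evil.example", "192.0.2.10"),
        ("<service@paypal.com>", "mx1.paypal.com", "198.51.100.7"),
        ("<user@example.org>", "anything.example", "203.0.113.5"),
    ]
    return [check_sender(m, h, ip, ptr, addrs)[0] for m, h, ip in cases]

if __name__ == "__main__":
    print(demo())
```

The fourth case is rejected because the PTR name claims the protected domain but does not resolve back to the connecting address.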
#2 |
In article <1178583093.206527.286610@y80g2000hsf.googlegroups.com> John
Klos <john.klos@gmail.com> writes:
>
>I can't seem to figure out how to compare substrings. What I want to
>do is this:
>
>1) put the sender's domain into the workspace
>2) see if the domain matches anything in a class
>3) if it does match, see if that domain name matches the domain name
>part of the HELO / EHLO string
>
>The problem is that if the sender's domain is in the workspace, I
>don't know how to see if matches just the end of the HELO / EHLO
>string. If the domain part of the HELO / EHLO string is in the
>workspace, I don't know how to compare that with just the domain part
>of the sender's address.
>
>A temporary variable would do, as would a macro which defines either
>the sender's domain (alone) or the domain part of the HELO / EHLO
>string.

You can define macros on the fly with the 'macro' map type - this is
probably the simplest way, even if not exactly "simple".

--Per Hedeland
per@hedeland.org
#3 |
On May 8, 5:18 pm, p...@hedeland.org (Per Hedeland) wrote:
> In article <1178583093.206527.286...@y80g2000hsf.googlegroups.com> John
> Klos <john.k...@gmail.com> writes:
>
> >I can't seem to figure out how to compare substrings. What I want to
> >do is this:
>
> >1) put the sender's domain into the workspace
> >2) see if the domain matches anything in a class
> >3) if it does match, see if that domain name matches the domain name
> >part of the HELO / EHLO string
>
> >The problem is that if the sender's domain is in the workspace, I
> >don't know how to see if matches just the end of the HELO / EHLO
> >string. If the domain part of the HELO / EHLO string is in the
> >workspace, I don't know how to compare that with just the domain part
> >of the sender's address.
>
> >A temporary variable would do, as would a macro which defines either
> >the sender's domain (alone) or the domain part of the HELO / EHLO
> >string.
>
> You can define macros on the fly with the 'macro' map type - this is
> probably the simplest way, even if not exactly "simple".
>
> --Per Hedeland
> p...@hedeland.org

For less simple, see compare map patch

http://www.jmaimon.com/sendmail
http://jmaimon.com/sendmail/#comparemap
http://jmaimon.com/sendmail/patches/...v2.81304.patch
#4 |
On May 7, 8:11 pm, John Klos <john.k...@gmail.com> wrote:
> Hi,
> My motivation is
> to have a list of domains from which mail will only be accepted if the
> HELO / EHLO also matches that domain, plus the reverse DNS resolves,
> matches the domain, and resolves in the forward direction as well.
> These would be domains such as paypal.com, westernunion.com,
> bankofamerica.com, and so on. These domains do not give out email
> addresses, and when they send email they send from servers which have
> the domain name in the HELO / EHLO and in reverse DNS, so I have a
> feeling that I'll cut down on 90% of phishing just by adding this
> test.
>

If this is your goal, it is better achieved by adding support for verifying domainkeys/senderid/spf to your mailsystem. At least, for those domains that use those schemes.

Furthermore, since users don't necessarily care or notice what the rfc822 from address is, let alone what the envelope address, ymmv.

Phishing is sophisticated enough to snare users simply by looking like mail they get everyday from the "institution" and the resulting web page they go to also looks 100% legitimate, except for some url strings.

> Thanks,
> John Klos