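##########################################################
# Defense in Depth - Anti-SPAM for sendmail environments #
# by David Bank --> http://dave.trianglenug.org          #
##########################################################
# Code Example #2 - Perl - MIMEDefang - filter_helo()    #
##########################################################

# filter_helo($ip, $helo)
#
# Decide whether an SMTP connection may proceed, based on the HELO string
# the client announced.
#
#   $ip   - address of the connecting host, as passed in by the caller
#   $helo - HELO argument supplied by the client (untrusted input)
#
# Returns a two-element list: ('CONTINUE', 'ok') to let the connection go
# on, or ('REJECT', $reason) to refuse it.
#
# The checks are purely syntactic - nothing here resolves the HELO name in
# DNS - so a passing HELO is only "not obviously forged", not verified.
# Hosts listed in %OurHosts (defined elsewhere in the filter) skip every
# check, so that list must contain only addresses that are fully trusted.
sub filter_helo {
    # Read parameters passed to function
    my ($ip, $helo) = @_;

    # Search the list of our hosts using the $ip argument
    if ( exists($OurHosts{$ip}) ) {
        # The connecting host is our own host, don't bother checking further
        return ('CONTINUE', 'ok');
    }

    # The HELO is chosen by the remote client and is echoed back in the
    # rejection text below; replace anything outside printable ASCII so
    # control characters cannot ride along in that text.
    (my $shown = $helo) =~ s/[^\x20-\x7E]/?/g;

    # The connecting host is foreign, examine its HELO for fraud
    if ( $helo =~ /^(\[?)(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(\]?)$/ ) {
        # HELO looks like an IP. Copy the captures straight away:
        #   $open  is "[" or the empty string
        #   $addr  is the IP address without any brackets
        #   $close is "]" or the empty string
        my ($open, $addr, $close) = ($1, $2, $3);

        # An address literal must carry BOTH brackets. Testing only whether
        # the bare address equals the HELO would let a half-bracketed
        # string such as "[1.2.3.4" or "1.2.3.4]" through.
        if ( $open eq '' || $close eq '' ) {
            # Reject connection - invalid HELO
            return ('REJECT', "$shown is not a valid HELO");
        }

        # Since the HELO was an IP address, it should match the IP of
        # the connecting host
        if ( $addr ne $ip ) {
            # HELO does not match actual IP - fraudulent HELO
            return ('REJECT', "FRAUDULENT HELO: $shown is not $ip");
        }
    }
    else {
        # HELO looks like a host name string

        # If the HELO is an FQDN, it will contain a "."
        if ( index($helo, '.') == -1 ) {
            # HELO is not an FQDN
            return ('REJECT', "INVALID HELO: $shown not FQDN");
        }

        # HELO should not contain "localhost" (matched anywhere in the
        # string, case-insensitively)
        if ( $helo =~ /localhost/i ) {
            return ('REJECT', "INVALID HELO: $shown not valid identification");
        }
    }

    # If we got to here, the HELO was reasonable
    return ('CONTINUE', 'ok');
}    # End of sub filter_helo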