/* HELO consistency checker
   Copyright (C) 2006, 2007 Jan Rafaj

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3, or (at your option)
   any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>. */

#require is_ip
#require dns

const HELO_SUCCESS      0
const HELO_MYIP         1  #  ARG is our IP address.                       
const HELO_IPNOMATCH    2  #  ARG is an IP, but it does not match the remote 
                           #  party IP address.
const HELO_ARGNORESOLVE 3  #  ARG is an IP, but it does not resolve.       
const HELO_ARGNOIP      4  #  ARG is in square brackets, but it is not an 
                           #  IP address.
const HELO_ARGINVALID   5  #  ARG is not an IP address and does not resolve 
                           #  to one.
const HELO_MYSERVERIP   6  #  ARG resolves to our server IP.               
const HELO_IPMISMATCH   7  #  ARG does not resolve to the remote client 
                           #  IP address

#pragma regex push +extended

func __domainof(string arg) returns string
do
    if %arg matches '[^.]+\.(.*)'
	return \1
    else
        return %arg
    fi
done

func heloarg_test(string arg, string remote_ip, string local_ip)
     returns number
do
    string helo_arg
    number heloarg_must_be_ip
    
    set helo_arg %arg
    set heloarg_must_be_ip 0

    if %arg matches '^\[(.*)\]$'
        set helo_arg "\1"
        set heloarg_must_be_ip 1
    fi

    if is_ip (%helo_arg)
        if (%helo_arg = %local_ip and %local_ip != %remote_ip)
            # `HELO' arg may not be this server's IP
            return HELO_MYIP 
        elif %helo_arg != %remote_ip
            # `HELO' arg does not match remote server's IP
            return HELO_IPNOMATCH
        elif (%heloarg_must_be_ip = 0
              and hostname %helo_arg = %helo_arg)
            # `HELO' arg not in brackets and doesnt resolve
            return HELO_ARGNORESOLVE
        else
            return HELO_SUCCESS
        fi
    elif %heloarg_must_be_ip = 1
        # `HELO' arg in brackets is not an IP
        return HELO_ARGNOIP
    elif ismx(%helo_arg, %remote_ip) 
         or __domainof(hostname(%remote_ip)) = %helo_arg
        return HELO_SUCCESS
    elif (resolve %helo_arg = "0")
         # `HELO' arg does not resolve to an IP
         return HELO_ARGINVALID 
    elif (%helo_arg = hostname %local_ip
          and %local_ip != %remote_ip)
         # `HELO' arg may not be this server's hostname
         return HELO_MYSERVERIP
    elif (resolve %helo_arg != %remote_ip
          and hostname %remote_ip != %helo_arg)
          # `HELO' arg does not resolve to remote server's IP nor to its 
          # domain
          return HELO_IPMISMATCH
    else
          return HELO_SUCCESS
    fi
done

#pragma regex pop