Two DNSBL bugs?

No Name M.Ray at ULCC.AC.UK
Thu Aug 21 19:23:01 IST 2003


I'm just starting with MailScanner (currently testing 4.22), and I
think I've found a couple of bugs.  A quick peek at 4.23 suggests
they're still present there too.

Firstly, there appears to be a bug in Exim.pm which breaks DNSBL lookups
for Exim.  This is rather surprising, because surely people would
have noticed?  Or is everyone leaving DNSBL lookups to SpamAssassin?
Anyway: ReadQf reads Exim's queue file and, among other things, sets
$message->{clientip} from the value of the '-host_address' attribute
in the queue file.  But somewhere between versions 3.13 and 3.34 of
Exim, the format of this changed to include the remote port number -
so you'll get lines like:

-host_address 192.168.1.2.12345

Clearly a DNS lookup on 12345.2.1.168.192.rbl-plus.mail-abuse.ja.net
(or whatever) isn't going to give you the right result!

In order to maintain compatibility with both old and new Exims, I
suggest this fix:

--- Exim.pm.dist        Thu Jul  3 16:36:32 2003
+++ Exim.pm     Thu Aug 21 19:00:55 2003
@@ -311,6 +311,7 @@
                    defined $metadata{dv_host_address})?
                      $metadata{dv_host_address}:
                      "127.0.0.1";
+  $message->{clientip} =~ s/^(\d+\.\d+\.\d+\.\d+)(\..*)?/$1/;

   # Deal with b-tree of non-recipients
   $metadata{nonrcpts} = {};
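Review bot: the added substitution on $message->{clientip} has no end anchor and its optional group is `(\..*)?`, so it discards anything that follows a fourth dotted number, not only a port, and a value that does not begin with a dotted quad is left in $message->{clientip} unchanged. Suggest `s/^(\d+\.\d+\.\d+\.\d+)(?:\.\d+)?$/$1/` so that only a numeric suffix is removed, and a one-line comment above it saying that newer Exim appends the remote port to -host_address.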

Secondly, RBLs.pm makes an assumption about the format of DNSBL
results which is invalid for at least one well-known service.
Here's the check it uses:

        if ($RBLEntry =~ /^127\.[01]\.0\.[123456789]+$/) {

Note the lack of a zero in the last character class.  MAPS RBL+
returns 127.1.0.10 when the address is in both the DUL and OPS.  If the
omission of the zero is because you don't want to match '127.0.0.0'
(why not?), you could use this fix:

--- RBLs.pm.dist        Thu Jul  3 16:36:32 2003
+++ RBLs.pm     Thu Aug 21 19:05:30 2003
@@ -134,7 +134,7 @@
                                 MailScanner::Config::SpamLists($SpamName));
       if ($RBLEntry) {
         $RBLEntry = Socket::inet_ntoa($RBLEntry);
-        if ($RBLEntry =~ /^127\.[01]\.0\.[123456789]+$/) {
+        if ($RBLEntry =~ /^127\.[01]\.0\.[123456789]\d*$/) {
           # Got a hit!
           $IsSpam = 1;
           print $pipe "Hit\n";
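Review bot: in the changed test, `[123456789]\d*` fixes the last octet only; the pattern still requires the second octet to be 0 or 1 and the third to be 0, so a list answer outside that shape is silently treated as no hit. If that restriction is intended, a comment above the `if` should say so. `[1-9]\d*` is the shorter spelling of the same class.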

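The two checks discussed in this message, as an added example that is not part of the original post or of MailScanner: it strips the optional port from an Exim `-host_address` value, builds the reversed DNSBL query name, and compares the original and patched result patterns. The sub names, the `dnsbl.example` zone and the sample inputs are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not MailScanner code. Sub names and the zone are
# hypothetical; all sample inputs below are constructed.
use strict;
use warnings;

# Exim spool value: dotted quad, optionally followed by ".port" (newer Exim).
# Returns the bare IPv4 address, or nothing if the value is not a valid one,
# so a malformed value leads to no lookup instead of a wrong query.
sub client_ip_from_host_address {
    my ($value) = @_;
    return unless defined $value
        && $value =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?:\.\d{1,5})?\z/;
    my @octets = ($1, $2, $3, $4);
    return if grep { $_ > 255 } @octets;
    return join '.', @octets;
}

# DNSBL query name: the four octets reversed, followed by the list's zone.
sub dnsbl_query_name {
    my ($ip, $zone) = @_;
    return join '.', reverse(split(/\./, $ip)), $zone;
}

my $OLD = qr/^127\.[01]\.0\.[123456789]+$/;     # check quoted in the post
my $NEW = qr/^127\.[01]\.0\.[123456789]\d*$/;   # check from the proposed patch

# Old-style value, new-style value with port, and a malformed value.
for my $raw ('192.168.1.2', '192.168.1.2.12345', 'not-an-address') {
    my $ip = client_ip_from_host_address($raw);
    printf "%-18s -> %s\n", $raw,
        defined $ip ? dnsbl_query_name($ip, 'dnsbl.example') : 'rejected, no lookup';
}

# DNSBL answers after inet_ntoa: a plain hit, the combined code from the
# post, and the all-zero value the post asks about.
for my $answer ('127.0.0.2', '127.1.0.10', '127.0.0.0') {
    printf "%-11s old=%-4s new=%s\n", $answer,
        ($answer =~ $OLD ? 'hit' : 'miss'),
        ($answer =~ $NEW ? 'hit' : 'miss');
}
```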

