Two DNSBL bugs?

Julian Field mailscanner at ecs.soton.ac.uk
Thu Aug 21 19:57:55 IST 2003


I'll give you the second one, I have put the fix into the source tree.
However, the first one isn't quite as simple as you make out. What does
Exim return if the IP address is an IPv6 address?

At 19:23 21/08/2003, you wrote:
>I'm just starting with MailScanner (currently testing 4.22), and I
>think I've found a couple of bugs.  A quick peek at 4.23 suggests
>they're still present there too.
>
>Firstly, there appears to be a bug in Exim.pm which breaks DNSBL lookups
>for Exim.  This is rather surprising, because surely people would
>have noticed?  Or is everyone leaving DNSBL lookups to SpamAssassin?
>Anyway: ReadQf reads Exim's queue file and, among other things, sets
>$message->{clientip} from the value of the '-host_address' attribute
>in the queue file.  But somewhere between versions 3.13 and 3.34 of
>Exim, the format of this changed to include the remote port number -
>so you'll get lines like:
>
>-host_address 192.168.1.2.12345
>
>Clearly a DNS lookup on 12345.2.1.168.192.rbl-plus.mail-abuse.ja.net
>(or whatever) isn't going to give you the right result!
>
>In order to maintain compatibility with both old and new Exims, I
>suggest this fix:
>
>--- Exim.pm.dist        Thu Jul  3 16:36:32 2003
>+++ Exim.pm     Thu Aug 21 19:00:55 2003
>@@ -311,6 +311,7 @@
>                     defined $metadata{dv_host_address})?
>                       $metadata{dv_host_address}:
>                       "127.0.0.1";
>+  $message->{clientip} =~ s/^(\d+\.\d+\.\d+\.\d+)(\..*)?/$1/;
>
>    # Deal with b-tree of non-recipients
>    $metadata{nonrcpts} = {};
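
Review bot: the substitution added after the `"127.0.0.1"` default only recognises a dotted-quad prefix, so a `-host_address` value that is not IPv4 passes through unchanged, with any port suffix still attached, and the DNSBL name is then built from it. The pattern also has no `$` anchor, so text after the fourth octet that does not begin with a dot is kept. Consider anchoring it, for example `s/^(\d+\.\d+\.\d+\.\d+)(?:\.\d+)?$/$1/`, deciding explicitly what happens when it does not match (skip the lookup), and adding a comment that newer Exim appends the remote port to this field.
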
>
>Secondly, RBLs.pm makes an assumption about the format of DNSBL
>results which is invalid for at least one well-known service.
>Here's the check it uses:
>
>         if ($RBLEntry =~ /^127\.[01]\.0\.[123456789]+$/) {
>
>Note the lack of a zero in the last character class.  MAPS RBL+
>returns 127.1.0.10 when the address is in both the DUL and OPS.  If the
>omission of the zero is because you don't want to match '127.0.0.0'
>(why not?), you could use this fix:
>
>--- RBLs.pm.dist        Thu Jul  3 16:36:32 2003
>+++ RBLs.pm     Thu Aug 21 19:05:30 2003
>@@ -134,7 +134,7 @@
>                                  MailScanner::Config::SpamLists($SpamName));
>        if ($RBLEntry) {
>          $RBLEntry = Socket::inet_ntoa($RBLEntry);
>-        if ($RBLEntry =~ /^127\.[01]\.0\.[123456789]+$/) {
>+        if ($RBLEntry =~ /^127\.[01]\.0\.[123456789]\d*$/) {
>            # Got a hit!
>            $IsSpam = 1;
>            print $pipe "Hit\n";
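
Review bot: in the changed `if`, the last octet still cannot be 0 or begin with 0, and nothing in the code says why; the message itself asks "why not?" about 127.0.0.0. A one-line comment stating which return codes count as a hit would settle that, and `[123456789]\d*` reads more clearly as `[1-9]\d*`. Since `$RBLEntry` comes from `Socket::inet_ntoa`, the octet has at most three digits, so `[1-9]\d{0,2}` would state the intent more tightly.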

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
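
The two checks discussed in this message, as an added Perl example that is not MailScanner's code and not part of the original post: it parses the -host_address value strictly, skips the lookup for anything that is not IPv4 with an optional port, and applies the patched return-code test. The function names, the dnsbl.example zone and the sample values are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Extract an IPv4 client address from Exim's -host_address value.
# Accepts "a.b.c.d" (older Exim) and "a.b.c.d.port" (newer Exim).
# Returns undef for anything else, so the caller can skip the lookup
# instead of querying a name built from an unparsed value.
sub client_ipv4 {
    my ($value) = @_;
    return unless defined $value;
    my ($ip) = $value =~ /^(\d{1,3}(?:\.\d{1,3}){3})(?:\.\d{1,5})?$/
        or return;
    return if grep { $_ > 255 } split /\./, $ip;
    return $ip;
}

# Build the DNSBL query name: reversed octets followed by the list zone.
sub dnsbl_name {
    my ($ip, $zone) = @_;
    return join('.', reverse(split /\./, $ip), $zone);
}

# The patched RBLs.pm test: 127.[01].0.N where N does not start with 0.
sub is_hit {
    my ($answer) = @_;
    return $answer =~ /^127\.[01]\.0\.[123456789]\d*$/ ? 1 : 0;
}

# Constructed sample values. The zone is a placeholder, and the third
# value is only an assumed shape for a non-IPv4 address with a port.
for my $raw ('192.168.1.2.12345', '192.168.1.2', '2001:db8::1.12345') {
    my $ip = client_ipv4($raw);
    printf "%-22s -> %s\n", $raw,
        defined $ip ? dnsbl_name($ip, 'dnsbl.example') : 'skip lookup';
}

# Constructed DNSBL answers, including the 127.1.0.10 case from the post.
for my $answer ('127.1.0.10', '127.0.0.2', '127.0.0.0') {
    printf "%-10s -> %s\n", $answer, is_hit($answer) ? 'hit' : 'no hit';
}
```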