[Bug 4242] [review] FN on URIBL_SBL when NS for URI is IP not hostname

5 Apr 2005 07:15:22 -0000 

http://bugzilla.spamassassin.org/show_bug.cgi?id=4242





------- Additional Comments From [EMAIL PROTECTED]  2005-04-05 00:15 -------
This isn't a patch but following changes to
 
./lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm

work:

# Suck in the constants:

+use Mail::SpamAssassin::Constants qw(:ip);
 use Mail::SpamAssassin::Plugin;
 use Mail::SpamAssassin::Util;
 use strict;
 use bytes;
  
 use vars qw(@ISA);
 @ISA = qw(Mail::SpamAssassin::Plugin);
  
 use constant LOG_COMPLETION_TIMES => 0;

# assign the constant values to some variables with same name
# These need to be defined outside of subroutines, not sure why. Just putting
constant identifier inside regexs doesn't work.

+
+my $IPV4_ADDRESS = IPV4_ADDRESS;
+my $LOCALHOST = LOCALHOST;
+my $IP_IN_RESERVED_RANGE = IP_IN_RESERVED_RANGE;

# replace lookup_a_record always with:
# If it looks like an IP address do uribl lookup straightaway otherwise 
# get A records and then do uribl 
# Also exclude some A (localhost etc) records that needn't be looked up in sbl.

     if ($str =~ /IN\s+NS\s+(\S+)/) {
-      $self->lookup_a_record($scanstate, $ent->{obj}, $1);
+      my $nsmatch = $1;
+
+      $nsmatch =~ s/\.$//;
+      if( $nsmatch =~ /^${IPV4_ADDRESS}$/ && $nsmatch !~
/${IP_IN_RESERVED_RANGE}/ && $nsmatch !~ /^${LOCALHOST}$/ ) {
+        $self->lookup_dnsbl_for_ip($scanstate, $ent->{obj}, $nsmatch);
+      }
+      else {
+        $self->lookup_a_record($scanstate, $ent->{obj}, $nsmatch);
+      }
     }

Note on some constants used from Constants.pm :

IP_IN_RESERVED_RANGE already has a ^ anchoring searchs to start
LOCALHOST needs ^ $ otherwise a single '1' anywhere will match the IPv6 pattern
IPV4_ADDRESS is used instead of IP_ADDRESS_LOOSE as only IPV4 addresses are
listed in sbl.spamhaus.org.  This may change.  If use IP_ADDRESS_LOOSE will
match IPv4 mapped in IPv6.  This won't be listed in sbl.  Can we extract the
IPv4 address from the IPv4 mapped in IPv6 and test this against sbl ?

Yes the IP NS records are a misconfiguration.  But many domains in spam whose
nameservers records if properly configured would be detected as being in sbl are
being missed due to the (deliberate?) misconfiguration and suggested patch will
correct this.



------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

Reply via email to