http://bugzilla.spamassassin.org/show_bug.cgi?id=3997





------- Additional Comments From [EMAIL PROTECTED]  2005-04-12 19:57 -------
I'm not sure I'm comfortable with a 1 in 65K chance of error. Daniel's results
showed roughly one error for every two thousand messages processed. With no
synchronization between the 16 bit IDs used, that would mean about one error per
130,000,000 messages. And with the patch that doesn't allow bogus A records,
from Daniel's results it looks like about another factor of ten reduction of
errors. Well, I guess that a one in a billion messages chance of one DNSURIBL
false positive isn't all that bad :-)

But to eliminate even that, all we have to do is make a 32 bit hash of the data
in the query that appears in the question section of the reply, the process id,
and a counter. Put the low order 16 bits of the hash in the packet header ID
field, and then store a 32 bit number in association with the socket, not a 16
bit number like I was suggesting.

Now after the read or bgread we can check that the ID matches the low order 16
bits, reject if it doesn't match, then compute the hash and verify that all 32
bits match. That costs two 32 bit functions and four bytes of memory per DNS 
query.
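
The check proposed in the comment above, sketched as an added example that is not part of the original comment or of SpamAssassin's code. CRC32 as the 32-bit hash, the `Pending` record (which also keeps the counter so the hash can be recomputed from the reply) and all function names are assumptions.

```python
import struct
import zlib
from dataclasses import dataclass

@dataclass
class Pending:
    tag: int      # full 32-bit hash, stored with the socket
    counter: int  # kept so the hash can be recomputed (assumption)

def encode_question(qname, qtype=1, qclass=1):
    """DNS question section in wire format (no name compression)."""
    labels = qname.rstrip(".").split(".")
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return name + b"\x00" + struct.pack("!HH", qtype, qclass)

def tag32(question, pid, counter):
    """32-bit hash of question bytes, process id and counter.
    CRC32 is an assumption: it catches accidental mismatches, not forgery."""
    salt = struct.pack("!II", pid & 0xFFFFFFFF, counter & 0xFFFFFFFF)
    return zlib.crc32(question + salt)

def build_query(qname, pid, counter):
    """Return (packet, Pending); header ID is the low 16 bits of the tag."""
    question = encode_question(qname)
    tag = tag32(question, pid, counter)
    header = struct.pack("!HHHHHH", tag & 0xFFFF, 0x0100, 1, 0, 0, 0)
    return header + question, Pending(tag, counter)

def question_from_reply(packet):
    """Question section echoed in a reply (starts after the 12-byte header)."""
    pos = 12
    while packet[pos] != 0:           # walk the length-prefixed labels
        if packet[pos] & 0xC0:
            raise ValueError("compressed name in question section")
        pos += 1 + packet[pos]
    return packet[12:pos + 5]         # root label, QTYPE, QCLASS

def reply_matches(packet, pending, pid):
    """Cheap 16-bit ID check first, then the full 32-bit hash check."""
    if len(packet) < 12 or struct.unpack("!H", packet[:2])[0] != pending.tag & 0xFFFF:
        return False
    try:
        question = question_from_reply(packet)
    except (IndexError, ValueError):
        return False
    return tag32(question, pid, pending.counter) == pending.tag
```

A reply whose 16-bit ID happens to match but whose question section belongs to a different query fails the second comparison, which is the case the comment wants to eliminate.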



