https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5264
--- Comment #9 from Mark Martinec <[email protected]> 2010-03-29 17:31:09 UTC --- Created an attachment (id=4722) --> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4722) Implements configuring permitted/avoided ports ranges The patch implements three new configurations directives, along with corresponding logic. It is modeled after the config directives for the 'unbound' DNS resolver (NLnet Labs, http://www.unbound.net/ ) >From the Mail::SpamAssassin::Conf documentation: =item dns_local_ports_permit ranges... Add the specified ports or ports ranges to the set of allowed port numbers that can be used as local port numbers when sending DNS queries to a resolver. The argument is a whitespace-separated or a comma-separated list of single port numbers n, or port number pairs (i.e. m-n) delimited by a '-', representing a range. Allowed port numbers are between 1 and 65535. Directives I<dns_local_ports_permit> and I<dns_local_ports_avoid> are processed in order in which they appear in configuration files. Each directive adds (or subtracts) its subsets of ports to a current set of available ports. Whatever is left in the set by the end of configuration processing is made available to a DNS resolving client code. If the resulting set of port numbers is empty (see also the directive I<dns_local_ports_none>), then SpamAssassin does not apply its ports randomization logic, but instead leaves the operating system to choose a suitable free local port number. The initial set consists of all port numbers in the range 1024-65535. Note that system config files already modify the set and remove all the IANA registered port numbers and some other ranges, so there is rarely a need to adjust the ranges by site-specific directives. See also directives I<dns_local_ports_permit> and I<dns_local_ports_none>. =item dns_local_ports_avoid ranges... Remove specified ports or ports ranges from the set of allowed port numbers that can be used as local port numbers when sending DNS queries to a resolver. Please see directive I<dns_local_ports_permit> for details. =item dns_local_ports_none Is a comfortable and faster-to-execute shorthand for: dns_local_ports_avoid 1-65535 leaving the set of available DNS query local port numbers empty. In all respects (apart from speed) it is equivalent to the shown directive, and can be freely mixed with I<dns_local_ports_permit> and I<dns_local_ports_avoid>. If the resulting set of port numbers is empty, then SpamAssassin does not apply its ports randomization logic, but instead leaves the operating system to choose a suitable free local port number. See also directives I<dns_local_ports_permit> and I<dns_local_ports_avoid>. -- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
