https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6668
--- Comment #15 from Darxus <[email protected]> 2011-10-04 21:13:11 UTC ---
(In reply to comment #14)
> > I don't understand why you say that. It's just another way of handling a
> > 127.0.0.255 within spamassassin. So as far as RBLs and WLs are concerned it's
> > still just an implementation of providing a .255 response for users who are
> > over limit.
>
> Because to me 255 is a legitimate bit mask for a valid response.

I was providing an example (127.0.0.255), not suggesting that value always be treated this way. I think it would be necessary to create another eval thing to define a regex for each RBL.

> > As an example, say an email provider is using spamassassin to filter millions
> > of emails a day. Some of the rules (RCVD_IN_XBL, RCVD_IN_PBL, RCVD_IN_SBL)
> > cause queries to zen.spamhaus.org. That being over their free use
> > threshold, they start returning (only) 127.0.0.255 for all queries, to indicate
> > the over limit condition. SpamAssassin notices the 127.0.0.255 value, and
> > stops running all rules that hit zen.spamhaus.org.
>
> Zen, according to their docs, does not issue a .255. See
> http://www.spamhaus.org/faq/answers.lasso?section=DNSBL%20Usage#200

Right, just providing an example.

> In short, an error bitmask will have YEARS of lag in getting an error code in
> place for RBLs.

For all of them, yes.

> > How is that a DoS ready to happen? Are we having another misunderstanding
> > here?
>
> I just see that as an avenue to figure out how to trick your system into
> getting a DNS response that changes SA not to query an RBL in order to get all
> my Spam through. With the number of DNS servers that change responses, this
> doesn't sound that hard.

Sounds hard to me (to use this to cause a DoS).

> If DNSWL needs another public mirror, have them email me.

I'll let them know. If I don't get any positive responses within a couple days, I'll close this (or someone else can feel free).
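The per-RBL over-limit handling discussed in this comment, sketched as an added example that is not SpamAssassin code and not part of the original thread. The zone-to-regex table, the `ZoneGate` class and the 300-second hold-down are assumptions; the hold-down bounds how long a forged over-limit answer could suppress lookups, which is the concern raised in the quoted reply.

```python
import re
import time

# Hypothetical per-zone patterns for "over limit" answers. 127.0.0.255 is only
# the example value from the discussion; zen.spamhaus.org is used as the zone
# name for illustration, not as a statement of what that zone really returns.
OVER_LIMIT = {
    "zen.spamhaus.org": re.compile(r"^127\.0\.0\.255$"),
}
HOLD_SECONDS = 300  # assumed hold-down; suppression always expires


class ZoneGate:
    """Tracks which DNSBL zones are temporarily skipped."""

    def __init__(self, patterns=OVER_LIMIT, hold=HOLD_SECONDS, clock=time.monotonic):
        self.patterns, self.hold, self.clock = patterns, hold, clock
        self.blocked_until = {}  # zone -> clock value when queries resume

    def should_query(self, zone):
        """True unless the zone is inside its hold-down window."""
        return self.clock() >= self.blocked_until.get(zone, 0.0)

    def record(self, zone, answers):
        """Classify A-record answers: 'over_limit', 'listed' or 'clean'."""
        pat = self.patterns.get(zone)
        # Only an answer set made up entirely of the over-limit value counts,
        # so a normal listing is never mistaken for a block signal.
        if pat and answers and all(pat.match(a) for a in answers):
            self.blocked_until[zone] = self.clock() + self.hold
            return "over_limit"
        return "listed" if answers else "clean"
```

An over-limit result should be neither scored as a listing nor treated as a clean result; the rules for that zone are simply skipped until the hold-down ends.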
