I was looking at the source for InSpammerBlacklist to see if it would also
work for relays.ordb.org and noticed some possible problems.
ORDB.org uses DNS lookups where you translate the IP a.b.c.d into
d.c.b.a.relays.ordb.org and perform a DNS lookup on it; if it resolves,
it's blacklisted. I believe this is the same format that
relays.mail-abuse.org uses, as well as a number of other spam lists.
So I pulled up the InSpammerBlacklist.java file to verify that it is
functioning in this way, and after looking at it for a bit, I don't think
this mailet will catch any spam.
The logic I found in question is
------------------------------------------------------------
StringTokenizer st = new StringTokenizer(host, " .", false);
host = network;
while (st.hasMoreTokens()) {
    host = st.nextToken() + ".";
}
//Try to look it up
InetAddress.getByName(host);
------------------------------------------------------------
When I look at this and run it through in my head, there are a couple of
problems I notice.
The first bit I wonder about is that the StringTokenizer is using " .". I'm
not sure if mail.getRemoteAddr(); returns an IP in the format of "127 .0 .0
.2" but I don't think that it would work that way, in which case there won't
be any tokens. Then I noticed that the host doesn't get prepended, it just
gets changed with the next token. It seems that a query against
relays.mail-abuse.org looking for the IP number 10.0.0.1 would build a
string looking like "relays.mail-abuse.org1." which is not likely to resolve
(so nothing will ever hit the spam bucket).
It seems to me that this code might work better like this:
-------------------------------------------------------------
StringBuffer sb = new StringBuffer();
StringTokenizer st = new StringTokenizer(host, ".", false);
// Insert each octet at the front so a.b.c.d becomes "d.c.b.a."
while (st.hasMoreTokens()) {
    sb.insert(0, st.nextToken() + ".");
}
// Append the blacklist zone, e.g. relays.ordb.org
sb.append(network);
host = sb.toString();
//Try to look it up
InetAddress.getByName(host);
-------------------------------------------------------------
If you do a lookup on 2.0.0.127.relays.ordb.org, it will resolve for testing
purposes, if you want to test my theory.
Clint Goudie
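
An added example, not part of the original message or of the James source: a stand-alone Java class that runs the quoted loop unchanged next to a reversed-octet builder, so the query names each one produces can be compared. The class and method names, the octet validation and the sample addresses are assumptions made for this illustration.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.StringTokenizer;
public class DnsblQueryName {
    // The loop quoted in the message, unchanged: every token overwrites host.
    static String quotedLoop(String ip, String network) {
        StringTokenizer st = new StringTokenizer(ip, " .", false);
        String host = network;
        while (st.hasMoreTokens()) {
            host = st.nextToken() + ".";
        }
        return host;
    }

    // Builds d.c.b.a.<zone>; anything that is not dotted-quad IPv4 is rejected
    // so that arbitrary strings never reach the resolver.
    static String reversedName(String ip, String zone) {
        String[] octets = ip.trim().split("\\.", -1);
        if (octets.length != 4) {
            throw new IllegalArgumentException("not a dotted-quad IPv4 address: " + ip);
        }
        StringBuilder sb = new StringBuilder();
        for (int i = 3; i >= 0; i--) {
            if (!octets[i].matches("\\d{1,3}") || Integer.parseInt(octets[i]) > 255) {
                throw new IllegalArgumentException("bad octet in: " + ip);
            }
            sb.append(octets[i]).append('.');
        }
        return sb.append(zone).toString();
    }

    // Listed if the name resolves. A resolver failure also raises
    // UnknownHostException, so this check fails open. Live DNS: not called in main().
    static boolean isListed(String ip, String zone) {
        try {
            InetAddress.getByName(reversedName(ip, zone));
            return true;
        } catch (UnknownHostException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        String zone = "relays.ordb.org";               // zone named in the message
        String[] samples = {"127.0.0.2", "10.0.0.1"};  // constructed sample inputs
        for (String ip : samples) {
            System.out.println(ip + " quoted loop -> " + quotedLoop(ip, zone));
            System.out.println(ip + " reversed    -> " + reversedName(ip, zone));
        }
    }
}
```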