Re: [policyd-users] BLACKLIST_NETBLOCK inserting bogus networks into SQL

Thu, 08 Feb 2007 08:27:26 -0800 

First of all thanks for the answer :)


After looking into mysql query log I found these queries:
>
> INSERT DELAYED INTO blacklist (_blacklist,_description,_expire) VALUES
('
> 84.158.91.91.%','# blacklisted helo: (localhost)',0)
> INSERT DELAYED INTO blacklist (_blacklist,_description,_expire) VALUES
('
> 83.9.216.208.%','# blacklisted helo: (localhost)',0)

fine locks ok to me



What I mean is that it is in a format of XX.XX.XX.XX.% (4 octets + '%').
I believe it should be at most 3 octets + '%' .

I guess the option similar to GREYLIST_HOSTADDR could be added
to specify exact behaviour (number of octets masked).

It seems that spamtrap blacklisting inserts correct records in the blacklist
table
and helo blacklisting inserts these bogus ones. And they both insert correct
ones as long as you don't block netblocks.


I do not believe these are correct as select()s that check the blacklist
> table are in a form resembling:
>
> SELECT COUNT(*) FROM blacklist WHERE _blacklist='83.21.147.98' OR
> _blacklist='83.21.147.%' OR _blacklist='83.21.%.%' OR
_blacklist='83.%.%.%'
>
> which wouldnt match the previous insert()s

is 83.21.147.98 in blacklist at all ?



I was only trying to show that the selects used would never match the
records inserted previously.
Sorry for the confusion.

but atleat if you want to match on 83. alone there is a bug, the select is

imho ok, but results in policyd is not good



I agree, the selects are just fine.

if i remember policyd will only match on /32 and /24 not on /16 and /8 in

that
case its pointless to have the 2 last OR

confusion comes from greylistning ?



I guess it might be worth leaving it this way  - you can always insert
records manually and blocking
/8 and /16 class might be useful.

Cheers

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier.
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
policyd-users mailing list
policyd-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/policyd-users

Reply via email to