On Mon, 26 Jul 2010, Robert Spier wrote:

> > On Sun, 25 Jul 2010, Robert Spier wrote:
> > 
> > > I've committed this as ab7c2601f0740fac1c3c117e7e5c0a5690348194.
> > > 
> > > I'm not 100% sure it's a good idea, but I think it's mostly a good
> > > thing.
> > 
> > What are your reservations?
> > 
> > I don't think it would ever be acceptable for the fromhost to be 
> > resolvable only when the server's default domain is appended as suffix. 
> > And as reported, the current code is exploitable, and Jesper claimed to 
> > see it being exploited (but I am skeptical - is a spambot really injecting 
> > mail to u...@localhost.localdomain direct to his server?).
> 
> Internal systems to companies might not use fully qualified names when
> exchanging mail.  I suspect that's not the common use case for
> qpsmtpd, or for mailservers, so shouldn't be a big deal.

Would those also be using require_resolvable_fromhost plugin for 
internal network SMTP mail?

Personally I think anyone using:

From: per...@workstationx

should have very low expectation of reliable mail transport.

> 
> > 
> > > Charlie - It would be great if you could send patches instead of
> > > "suggestions".
> > 
> > It wasn't my suggestion - I was just relaying it. But point taken.
> > 
> > > -R
> > > 
> > > 
> > > Charlie Brady wrote:
> > > > 
> > > > 
> > > > http://bugs.contribs.org/show_bug.cgi?id=5808
> > > > 
> > > >  Jesper Knudsen      2010-03-01 01:29:10 MST 
> > > > 
> > > > When using the require_resolvable_fromhost plugin for qpsmtpd I noticed 
> > > > that mails from u...@localhost.localdomain were actually getting through 
> > > > this filter. I finally found out that the plugin has a bug that causes 
> > > > it to insert default search path if it cannot find the domain. This means 
> > > > in my case that localhost.localdomain was then tried resolved as 
> > > > localhost.localdomain.swerts-knudsen.dk and since I have a wildcard 
> > > > CNAME was resolved as my public IP.
> > > > 
> > > > Since this plugin is only enabled for public interface the fix is to 
> > > > set the "dnsrch" flag when creating the Net::DNS object.
> > > > 
> > > > In require_resolvable_fromhost:
> > > > my $res = Net::DNS::Resolver->new (
> > > >                                    dnsrch => 0
> > > >                                    );
> > > 
> 
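
The failure mode from the bug report, as an added example that is not part of the original thread or of qpsmtpd's code: a simplified Python model of resolver search-list expansion, showing why a wildcard record in the server's own domain makes an unresolvable sender host pass the check unless searching is switched off. The zone, search list, addresses and function names are constructed for illustration; real Net::DNS lookups and DNS wildcard matching have more cases than this model covers.

```python
# Simplified model of stub-resolver search-list expansion (not Net::DNS itself).
# All names and addresses below are constructed sample data.

ZONE = {
    "mail.example.net": "192.0.2.25",
    "*.example.net": "192.0.2.10",   # wildcard record in the server's own domain
    "example.org": "198.51.100.7",
}
SEARCHLIST = ["example.net"]         # the server's default search path


def lookup(fqdn):
    """Exact match first, then the closest wildcard above the name."""
    fqdn = fqdn.rstrip(".").lower()
    if fqdn in ZONE:
        return ZONE[fqdn]
    labels = fqdn.split(".")
    for i in range(1, len(labels)):
        hit = ZONE.get("*." + ".".join(labels[i:]))
        if hit:
            return hit
    return None


def candidates(name, dnsrch=True, ndots=1):
    """Names a resolver tries, in order, for `name`."""
    if name.endswith("."):               # rooted name: never expanded
        return [name]
    expanded = [f"{name}.{d}" for d in SEARCHLIST] if dnsrch else []
    if name.count(".") >= ndots:         # enough dots: try as given first
        return [name] + expanded
    return expanded + [name]


def resolve(name, dnsrch=True):
    """Return (answering_name, address), or None if every candidate fails."""
    for cand in candidates(name, dnsrch):
        addr = lookup(cand)
        if addr:
            return cand.rstrip("."), addr
    return None


def fromhost_ok(sender, dnsrch=True):
    """The plugin's question: does the envelope sender's host resolve?"""
    host = sender.rsplit("@", 1)[-1]
    return resolve(host, dnsrch) is not None
```

With searching enabled, the answering name returned by `resolve` is the suffixed one, which is the quickest way to see in a log that a sender host only "resolved" through the local search path.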
