Norman Maurer wrote:
On Sunday, 30.07.2006, at 09:45 +0200, Vincenzo Gianferrari Pini wrote:
Noel J. Bergman wrote:
Brian Wellington wrote:
Noel J. Bergman wrote:
adding "domain devtech.com" (see `man resolv.conf`)
to /etc/resolv.conf changed the behavior so that it works:
domain Local domain name.
Most queries for names within this domain can use short
names relative to the local domain. If no domain entry
is present, the domain is determined from the local host
name returned by gethostname(); the domain part is taken
to be everything after the first `.'. Finally, if the
host name does not contain a domain part, the root domain
is assumed.
and picking up the ".com" from my hostname.
The code in dnsjava's ResolverConfig class should be looking at any
"search" or "domain" entries in /etc/resolv.conf, and using them as
DNS searchlist entries; that is, suffixes to append to potentially
non-absolute domain names. I'm not sure why .com would be appended to a
domain name unless there was either a "domain com" or "search com" entry.
That is the question, Brian. There were neither domain nor search entries
in my resolv.conf, only nameserver entries; which is why I quoted the
section from the man page, above. My hostname is devtech.com, which does
have "com" after the first '.' in the hostname. *Now* I have "domain
devtech.com", as the fix, and the spurious ".com" suffix is no longer being
added.
So, if I understood well, the behaviour *before* you added the "domain"
entry in resolv.conf was coherent with what is prescribed in `man
resolv.conf`, as your host name is devtech.com (not xxx.devtech.com),
so dnsjava's ResolverConfig looked for the hostname using gethostname(),
got devtech.com, and as "the domain part is taken to be everything after
the first `.'", got ".com" and built the string
"query.bondedsender.org.com". It seems to be the expected behaviour in
dnsjava, isn't it?
And some tricky spammer, knowing this possibly misleading behaviour, has
spoofed "query.bondedsender.org" using a new whitelist
"query.bondedsender.org.com" that lists the IPs he uses to send spam!
You've figured out the problem, and there's nothing wrong in dnsjava
here, right?
I'll agree that I should've had a domain entry to counter-balance the
hostname, as described above. But it sounds from your description as if you
want to at least check dnsjava to see how the .com was getting added, since
there seems to be some question as to what did it.
But it seems that dnsjava is behaving ok, or not? In the positive case
it should be a James concern to avoid falling in this trick, adding a
'.' at the end of the whitelist (and blacklist) domain name strings
before calling lookup, or even better putting a '.' at the end of the
names available in the stock configuration files, with a warning
explaining it.
Vincenzo
So I understand right that you want to append a "." on the end of any
"entry" you want to look up? So if we build the address to look up this
will happen:
1.0.0.127.bl.spamcop.net -> 1.0.0.127.bl.spamcop.net.
This sounds like a good fix to me.
Anyone see drawbacks?
bye
Norman
*If* I understood well the problem, but it's Noel the one who discovered
and dug into it, and is much more entitled to say if it would work.
To be precise, I think that the best, easiest and cleanest thing would
be to change the stock james-smtphandlerchain.xml file this way:
<whitelist> query.bondedsender.org </whitelist>
<blacklist> sbl-xbl.spamhaus.org </blacklist>
<blacklist> list.dsbl.org </blacklist>
<blacklist> dul.dnsbl.sorbs.net </blacklist>
<blacklist> relays.ordb.org </blacklist>
to become
<whitelist> query.bondedsender.org. </whitelist>
<blacklist> sbl-xbl.spamhaus.org. </blacklist>
<blacklist> list.dsbl.org. </blacklist>
<blacklist> dul.dnsbl.sorbs.net. </blacklist>
<blacklist> relays.ordb.org. </blacklist>
The important entry is to the whitelist, but I would put it in all
domain names for coherence, and explain/warn the problem in a comment line.
Vincenzo
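
Added example (not part of the thread, and not James or dnsjava code): a simplified Java model of the search-list behaviour discussed above, showing how the relative whitelist name can become query.bondedsender.org.com on a host named devtech.com and why a trailing '.' prevents it. The class and method names are hypothetical, and the candidate list is a model of a search-list resolver, not dnsjava's actual lookup order.

```java
import java.util.ArrayList;
import java.util.List;

// Illustration only: a simplified model, not dnsjava's ResolverConfig or Lookup.
public class DnsblNames {

    // Default search domain as described in the quoted resolv.conf man page text:
    // everything after the first '.' of the host name; empty (root) if there is none.
    static String defaultDomain(String hostname) {
        int dot = hostname.indexOf('.');
        return dot < 0 ? "" : hostname.substring(dot + 1);
    }

    // Names a search-list resolver may try for `name` (the order varies by resolver).
    // A trailing '.' marks the name absolute, so no suffix is ever appended.
    static List<String> candidates(String name, List<String> searchList) {
        List<String> out = new ArrayList<>();
        if (name.endsWith(".")) {
            out.add(name);
            return out;
        }
        out.add(name + ".");
        for (String suffix : searchList) {
            if (!suffix.isEmpty()) out.add(name + "." + suffix + ".");
        }
        return out;
    }

    // Build the query name for an IPv4 address against a whitelist/blacklist zone,
    // forcing the zone to be absolute (the fix proposed in the thread).
    static String queryName(String ipv4, String zone) {
        String[] o = ipv4.trim().split("\\.");
        if (o.length != 4) throw new IllegalArgumentException("not IPv4: " + ipv4);
        String z = zone.trim(); // config entries carry surrounding whitespace
        if (!z.endsWith(".")) z += ".";
        return o[3] + "." + o[2] + "." + o[1] + "." + o[0] + "." + z;
    }

    public static void main(String[] args) {
        // No "domain"/"search" entry in resolv.conf, host name is devtech.com.
        List<String> search = List.of(defaultDomain("devtech.com"));
        // Relative zone name, as in the stock configuration: a ".com" variant is possible.
        System.out.println(candidates("1.0.0.127.query.bondedsender.org", search));
        // Absolute name: only the intended zone can be queried.
        System.out.println(candidates(queryName("127.0.0.1", " query.bondedsender.org "), search));
    }
}
```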