On Sunday, 30.07.2006, 12:08 +0200, Vincenzo Gianferrari Pini wrote:
> Norman Maurer wrote:
>
> >On Sunday, 30.07.2006, 09:45 +0200, Vincenzo Gianferrari Pini wrote:
> >
> >>Noel J. Bergman wrote:
> >>
> >>>Brian Wellington wrote:
> >>>
> >>>>Noel J. Bergman wrote:
> >>>>
> >>>>>adding "domain devtech.com" (see `man resolv.conf`)
> >>>>>to /etc/resolv.conf changed the behavior so that it works:
> >>>>>
> >>>>>domain Local domain name.
> >>>>>       Most queries for names within this domain can use short
> >>>>>       names relative to the local domain. If no domain entry
> >>>>>       is present, the domain is determined from the local host
> >>>>>       name returned by gethostname(); the domain part is taken
> >>>>>       to be everything after the first `.'. Finally, if the
> >>>>>       host name does not contain a domain part, the root domain
> >>>>>       is assumed.
> >>>>>and picking up the ".com" from my hostname.
> >>>>>
> >>>>The code in dnsjava's ResolverConfig class should be looking at any
> >>>>"search" or "domain" entries in /etc/resolv.conf, and using them as
> >>>>DNS searchlist entries; that is, suffixes to append to potentially
> >>>>non-absolute domain names. I'm not sure why .com would be appended to a
> >>>>domain name unless there was either a "domain com" or "search com" entry.
> >>>>
> >>>That is the question, Brian. There were neither domain nor search entries
> >>>in my resolv.conf, only nameserver entries; which is why I quoted the
> >>>section from the man page, above. My hostname is devtech.com, which does
> >>>have "com" after the first '.' in the hostname. *Now* I have "domain
> >>>devtech.com", as the fix, and the spurious ".com" suffix is no longer being
> >>>added.
> >>
> >>So, if I understood well, the behaviour *before* you add the "domain"
> >>entry in resolv.conf was coherent with what is prescribed in "man
> >>resolv.conf", as your host name is devtech.com (not xxx.devtech.com),
> >>so dnsjava's ResolverConfig looked for the hostname using gethostname(),
> >>got devtech.com, and as "the domain part is taken to be everything after
> >>the first `.'", got ".com" it built the string
> >>"query.bondedsender.org.com". It seems to be the expected behaviour in
> >>dnsjava, isn't it?
> >>
> >>And some tricky spammer, knowing this possibly misleading behaviour, has
> >>spoofed "query.bondedsender.org" using a new whitelist
> >>"query.bondedsender.org.com" that lists the IPs he uses to send spam!
> >>
> >>>>You've figured out the problem, and there's nothing wrong in dnsjava
> >>>>here, right?
> >>>>
> >>>I'll agree that I should've had a domain entry to counter-balance the
> >>>hostname, as described above. But it sounds from your description as if
> >>>you want to at least check dnsjava to see how the .com was getting added,
> >>>since there seems to be some question as to what did it.
> >>>
> >>But it seems that dnsjava is behaving ok, or not? In the positive case
> >>it should be a James concern to avoid falling in this trick, adding a
> >>'.' at the end of the whitelist (and blacklist) domain name strings
> >>before calling lookup, or even better putting a '.' at the end of the
> >>names available in the stock configuration files, with a warning
> >>explaining it.
> >>
> >>Vincenzo
> >>
> >
> >So I understand right that you want to append a "." on the end of any
> >"entry" you want to look up? So if we build the address to look up, this
> >will happen:
> >
> >1.0.0.127.bl.spamcop.net -> 1.0.0.127.bl.spamcop.net.
> >
> >This sounds like a good fix to me.
> >
> >Anyone see drawbacks?
> >
> >bye
> >Norman
> >
> *If* I understood well the problem, but it's Noel the one who discovered
> and dug into it, and is much more entitled to say if it would work.
>
> To be precise, I think that the best, easiest and cleanest thing would
> be to change the stock james-smtphandlerchain.xml file this way:
>
> <whitelist> query.bondedsender.org </whitelist>
> <blacklist> sbl-xbl.spamhaus.org </blacklist>
> <blacklist> list.dsbl.org </blacklist>
> <blacklist> dul.dnsbl.sorbs.net </blacklist>
> <blacklist> relays.ordb.org </blacklist>
>
> to become
>
> <whitelist> query.bondedsender.org. </whitelist>
> <blacklist> sbl-xbl.spamhaus.org. </blacklist>
> <blacklist> list.dsbl.org. </blacklist>
> <blacklist> dul.dnsbl.sorbs.net. </blacklist>
> <blacklist> relays.ordb.org. </blacklist>
>
> The important entry is to the whitelist, but I would put it in all
> domain names for coherence, and explain/warn the problem in a comment line.
>
> Vincenzo

Well, maybe we should check if the "entry" contains a "." as last char.
If not, add it.

What do the others think?

bye
Norman

PS: We should change the config of course to show the correct
"configuration".
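
A simplified model of the behaviour discussed in this thread, added here as an illustration (it is not part of any message above and is not James or dnsjava code; function names are hypothetical and the real resolver's ndots ordering is ignored). It derives the default search domain from the host name as resolv.conf(5) describes, lists the extra candidate a relative list name picks up, and applies the proposed trailing-dot check.

```python
# Added example: simplified model of resolv.conf search-list handling.
# Function names are hypothetical; this is not dnsjava or James code.
import ipaddress


def local_domain(hostname):
    """Default search domain per resolv.conf(5): everything after the first '.'."""
    _, dot, rest = hostname.partition(".")
    return rest if dot else ""  # "" stands for the root domain


def candidates(name, search_list):
    """Names a searching resolver may query, in order (simplified, ndots ignored)."""
    if name.endswith("."):
        return [name]  # absolute: the search list is never applied
    tried = [name + "."]  # the name as written, rooted
    for suffix in search_list:
        if suffix:
            tried.append(f"{name}.{suffix.rstrip('.')}.")
    return tried


def absolute(zone):
    """The proposed check: add a trailing '.' unless the entry already ends with one."""
    zone = zone.strip()  # the stock config pads entries with spaces
    return zone if zone.endswith(".") else zone + "."


def dnsbl_query(ip, zone):
    """Reverse the IPv4 octets and prepend them to the absolute list zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + absolute(zone)


if __name__ == "__main__":
    search = [local_domain("devtech.com")]  # host name from the thread -> ["com"]
    stock = "4.3.2.1.query.bondedsender.org"  # constructed lookup, stock config
    print(candidates(stock, search))  # includes the ...org.com. candidate
    print(candidates(dnsbl_query("1.2.3.4", " query.bondedsender.org "), search))
```

A "not listed" answer from a whitelist or blacklist is an ordinary negative response, which is exactly the case in which a searching resolver moves on to the suffixed candidate.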