develooper Front page | perl.qpsmtpd | Postings from March 2006

Re: dnsbl or spamhaus occassionally blocks wrong IP

Thread Previous | Thread Next
From:
Peter J. Holzer
Date:
March 14, 2006 14:12
Subject:
Re: dnsbl or spamhaus occassionally blocks wrong IP
Message ID:
20060314221157.GE19939@teal.hjp.at
On 2006-03-14 22:29:33 +0100, Peter J. Holzer wrote:
> My expectation was wrong. As Sidney Markowitz in
> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3997#c73 points
> out:
> 
> | Net::DNS can't use the ID field to ensure that a bgread matches up with
> | a bgsend unless it cached every socket returned by bgsend in order to
> | save the ID in a hash with it.
> 
> So the matching has to be done by the application. We don't actually
> have to check the ID (although we probably should to avoid spoofed
> responses), but we should at least check if the name in the request
> matches the name in the query. (currently the name is only extracted to
> find out which rbl this was)

Here is a first patch. It checks only if the name(s) in the answer
section match the name(s) in the queries. It doesn't try to match IDs.
I think that is acceptable in this case, as presumably qpsmtpd and the
nameserver are behind the same firewall or even on the same host.

	hp


-- 
   _  | Peter J. Holzer    | Ich sehe nun ein, dass Computer wenig
|_|_) | Sysadmin WSR       | geeignet sind, um sich was zu merken.
| |   | hjp@hjp.at         |
__/   | http://www.hjp.at/ |	-- Holger Lembke in dan-am

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About