[exim-dev] [Bug 2631] New: Option to restrict dnslists to sp…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2631] New: Option to restrict dnslists to specific networks and log a warning if they return IP addresses outside this range
https://bugs.exim.org/show_bug.cgi?id=2631

            Bug ID: 2631
           Summary: Option to restrict dnslists to specific networks and
                    log a warning if they return IP addresses outside this
                    range
           Product: Exim
           Version: N/A
          Hardware: All
                OS: All
            Status: NEW
          Severity: wishlist
          Priority: medium
         Component: ACLs
          Assignee: jgh146exb@???
          Reporter: bugzilla.exim.simon@???
                CC: exim-dev@???


If a dnslist domain expires and is registered by someone else that puts a
wildcard record in pointing at a webserver, it starts returning IP addresses
outside of 127.0.0.0/8.

It would be useful if Exim could log a warning when this happens and ignore all
results for that dnslist lookup.

An address list configuration option would be the most flexible way to do this
because 127.0.0.0 and 172.0.0.1 could be prohibited too if they are never used
by any dnslists.

It is possible to use "&127.0.0.0" but this allows 255.0.0.0/8 too and doesn't
inform the server operator that the dnslist is returning invalid responses. For
that reason the check must be applied before any other filtering specified in
the ACL entry itself.

--
You are receiving this mail because:
You are on the CC list for the bug.
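
The difference between the "&127.0.0.0" mask test and a network allow-list applied before any other filtering, shown as an added Python example that is not part of the original bug report and is not Exim code. The function names, the `prohibited` parameter, the domain `dnsbl.example` and the sample answers are constructed for illustration.

```python
import ipaddress
import logging

log = logging.getLogger("dnslist-check")

# Assumption: the requested option is modelled as a list of permitted networks.
ALLOWED = [ipaddress.ip_network("127.0.0.0/8")]


def mask_match(addr, mask):
    """'&mask' style test: true when every bit set in mask is also set in addr."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    return a & m == m


def in_allowed(addr, allowed=ALLOWED, prohibited=()):
    """True when addr is inside an allowed network and not individually prohibited."""
    ip = ipaddress.ip_address(addr)
    if any(ip == ipaddress.ip_address(p) for p in prohibited):
        return False
    return any(ip in net for net in allowed)


def check_lookup(domain, answers, allowed=ALLOWED, prohibited=()):
    """Validate one lookup before any ACL filtering.

    Returns (usable, rejected). One out-of-range answer discards the whole
    lookup and logs a warning for the operator.
    """
    rejected = [a for a in answers if not in_allowed(a, allowed, prohibited)]
    if rejected:
        log.warning("dnslist %s returned unexpected address(es) %s; ignoring lookup",
                    domain, ", ".join(rejected))
        return [], rejected
    return list(answers), []


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    # Constructed answers: a normal listing, a 255/8 address, a wildcard web server.
    for answers in (["127.0.0.2"], ["255.1.2.3"], ["127.0.0.2", "203.0.113.10"]):
        masks = [mask_match(a, "127.0.0.0") for a in answers]
        print(answers, "mask:", masks, "range:", check_lookup("dnsbl.example", answers))
```
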