[exim-dev] [Bug 2631] Option to restrict dnslists to specifi…

Top Page

Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2631] Option to restrict dnslists to specific networks and log a warning if they return IP addresses outside this range
https://bugs.exim.org/show_bug.cgi?id=2631

--- Comment #1 from Jeremy Harris <jgh146exb@???> ---
It's possible to use "!&127.255.255.0" which does take out 255.0/8.
Is there sufficient agreement among dnsbl operators to choose something as a
new default for filtering?

Spamhaus list as return ranges 127.0.0.0/24, 127.0.1.0/24, 127.0.2.0/24 for
hits.
Sorbs list return codes in the range 127.0.0.0/28

Then there's the logging side of the issue. Maybe a new log_selector?

But Spamhaus also returns values in 127.255.255.0/24 to indicate non-match
internal error cases. Should we care for logging, or leave the checking of
the returned value/s to the sysadmin?


--
RFC 6471 says:
- "most" ip-based dbsbls support queries for addrs in 127.0.0.0/24 (often
127.0.0.2)
to test operational status
- responses outside 127.0.0.0/24 should be taken as indication of non-function
- name-based dnsbls RECOMMENDED to support queries for "test" for operational
status; and a query for "INVALID" getting a positive response should be taken
as
indication of non-function

--
You are receiving this mail because:
You are on the CC list for the bug.