[exim-dev] [Bug 2631] Option to restrict dnslists to specifi…

Author: admin
Date:  
To: exim-dev
Old-Topics: [exim-dev] [Bug 2631] New: Option to restrict dnslists to specific networks and log a warning if they return IP addresses outside this range
Subject: [exim-dev] [Bug 2631] Option to restrict dnslists to specific networks and log a warning if they return IP addresses outside this range
https://bugs.exim.org/show_bug.cgi?id=2631

Simon Arlott <bugzilla.exim.simon@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1372|0                           |1
        is obsolete|                            |


--- Comment #19 from Simon Arlott <bugzilla.exim.simon@???> ---
Created attachment 1373
--> https://bugs.exim.org/attachment.cgi?id=1373&action=edit
Patch to make valid lookup result addresses configurable

I've modified my patch to return DEFER if the dnslist_valid_addresses expansion
fails.

There was another bug in the current implementation because it doesn't verify
addresses when doing exact matching but those can be negated:
>>> check dnslists = rbl.test.ex!=127.0.0.1
>>> dnslists check: rbl.test.ex!=127.0.0.1
>>> dnslists: using result of previous lookup
>>> DNS lookup for 102.13.13.V4NET.rbl.test.ex succeeded (yielding 128.0.0.0)

->>> => that means V4NET.13.13.102 is listed at rbl.test.ex
->>> warn: condition test succeeded in ACL "check_vrfy"
->>> processing "warn" (TESTSUITE/test-config 27)
+>>> 128.0.0.0 in dnslist_valid_addresses? no (end of list)
+LOG: DNS list lookup for V4NET.13.13.102 at rbl.test.ex returned 128.0.0.0;
invalid address discarded
+>>> => all addresses are invalid
+>>> => that means V4NET.13.13.102 is not listed at rbl.test.ex
+>>> warn: condition test failed in ACL "check_vrfy"
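Review bot: the last `-`/`+` pair in this expected output flips a negated test (`!=127.0.0.1`) from "succeeded" to "failed" when every returned address is discarded, and that user-visible change should be stated in the documentation for dnslist_valid_addresses. Please also say there that the "invalid address discarded" LOG line is what an administrator should look for when a list starts answering outside the configured range.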

I'm now updating the address list so that $dnslist_value will be correct:
>>> check dnslists = rbl.test.ex!=127.0.0.1
>>> dnslists check: rbl.test.ex!=127.0.0.1
>>> dnslists: using result of previous lookup
>>> DNS lookup for 104.13.13.V4NET.rbl.test.ex succeeded (yielding

255.255.255.255, 127.0.0.0)
+>>> 255.255.255.255 in dnslist_valid_addresses? no (end of list)
+LOG: DNS list lookup for V4NET.13.13.104 at rbl.test.ex returned
255.255.255.255; invalid address discarded
+>>> 127.0.0.0 in dnslist_valid_addresses? yes (matched "127.0.0.0/8")
+>>> => updated address list: 127.0.0.0
>>> => that means V4NET.13.13.104 is listed at rbl.test.ex
>>> warn: condition test succeeded in ACL "check_vrfy"
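Review bot: this case only covers a mixed answer whose surviving address (127.0.0.0) differs from the negated value, so the "updated address list" line never feeds a comparison that could fail. A companion case where the surviving address is 127.0.0.1 would confirm that `!=127.0.0.1` still fails after the invalid address has been dropped from the list.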


--
You are receiving this mail because:
You are on the CC list for the bug.
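
The filtering described in the comment above, modelled in Python as an added example (this is not Exim's code or the attached patch). The function names, the `validate` switch and the list standing in for $dnslist_value are assumptions made for illustration; the inputs are constructed to mirror the two lookups quoted in the comment.

```python
import ipaddress

# Assumed setting, taken from the "127.0.0.0/8" match in the debug output above.
VALID_NETS = ("127.0.0.0/8",)

def filter_answers(answers, valid_nets=VALID_NETS):
    """Split DNS list answers into (kept, discarded) by the allowed networks."""
    nets = [ipaddress.ip_network(n) for n in valid_nets]
    kept, discarded = [], []
    for text in answers:
        ip = ipaddress.ip_address(text)
        # An address of the other IP version is never "in" a network.
        (kept if any(ip in net for net in nets) else discarded).append(text)
    return kept, discarded

def check_dnslist(answers, value=None, negate=False, validate=True):
    """Model of `dnslists = domain`, `domain=value` and `domain!=value`.

    Returns (listed, addresses); addresses stands in for $dnslist_value.
    validate=False models the behaviour the comment reports as a bug.
    """
    kept = list(answers)
    if validate:
        kept, discarded = filter_answers(answers)
        for bad in discarded:
            print(f"LOG: returned {bad}; invalid address discarded")
        if not kept:
            return False, []          # all addresses are invalid: not listed
    if value is None:
        return bool(kept), kept
    wanted = ipaddress.ip_address(value)
    hit = any(ipaddress.ip_address(a) == wanted for a in kept)
    listed = (not hit) if negate else hit
    return listed, (kept if listed else [])

if __name__ == "__main__":
    # Constructed inputs mirroring the two lookups quoted in the comment.
    for answers in (["128.0.0.0"], ["255.255.255.255", "127.0.0.0"]):
        before = check_dnslist(answers, "127.0.0.1", negate=True, validate=False)
        after = check_dnslist(answers, "127.0.0.1", negate=True)
        print(answers, "unfiltered:", before, "filtered:", after)
```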