[exim-dev] [Bug 2631] Option to restrict dnslists to specifi…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: admin
Date:  
À: exim-dev
Anciens-sujets: [exim-dev] [Bug 2631] New: Option to restrict dnslists to specific networks and log a warning if they return IP addresses outside this range
Sujet: [exim-dev] [Bug 2631] Option to restrict dnslists to specific networks and log a warning if they return IP addresses outside this range
https://bugs.exim.org/show_bug.cgi?id=2631

Simon Arlott <bugzilla.exim.simon@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1372|0                           |1
        is obsolete|                            |


--- Comment #19 from Simon Arlott <bugzilla.exim.simon@???> ---
Created attachment 1373
--> https://bugs.exim.org/attachment.cgi?id=1373&action=edit
Patch to make valid lookup result addresses configurable

I've modified my patch to return DEFER if the dnslist_valid_addresses expansion
fails.

There was another bug in the current implementation because it doesn't verify
addresses when doing exact matching but those can be negated:
>>> check dnslists = rbl.test.ex!=127.0.0.1
>>> dnslists check: rbl.test.ex!=127.0.0.1
>>> dnslists: using result of previous lookup
>>> DNS lookup for 102.13.13.V4NET.rbl.test.ex succeeded (yielding 128.0.0.0)

->>> => that means V4NET.13.13.102 is listed at rbl.test.ex
->>> warn: condition test succeeded in ACL "check_vrfy"
->>> processing "warn" (TESTSUITE/test-config 27)
+>>> 128.0.0.0 in dnslist_valid_addresses? no (end of list)
+LOG: DNS list lookup for V4NET.13.13.102 at rbl.test.ex returned 128.0.0.0;
invalid address discarded
+>>> => all addresses are invalid
+>>> => that means V4NET.13.13.102 is not listed at rbl.test.ex
+>>> warn: condition test failed in ACL "check_vrfy"

I'm now updating the address list so that $dnslist_value will be correct:
>>> check dnslists = rbl.test.ex!=127.0.0.1
>>> dnslists check: rbl.test.ex!=127.0.0.1
>>> dnslists: using result of previous lookup
>>> DNS lookup for 104.13.13.V4NET.rbl.test.ex succeeded (yielding

255.255.255.255, 127.0.0.0)
+>>> 255.255.255.255 in dnslist_valid_addresses? no (end of list)
+LOG: DNS list lookup for V4NET.13.13.104 at rbl.test.ex returned
255.255.255.255; invalid address discarded
+>>> 127.0.0.0 in dnslist_valid_addresses? yes (matched "127.0.0.0/8")
+>>> => updated address list: 127.0.0.0
>>> => that means V4NET.13.13.104 is listed at rbl.test.ex
>>> warn: condition test succeeded in ACL "check_vrfy"


--
You are receiving this mail because:
You are on the CC list for the bug.