changeset 128:9ab51896447f stable-5-18

don't do uribl lookups on rfc1918 address space
author carl
date Thu, 27 Apr 2006 10:05:43 -0700
parents 2b1a4701e856
children c5cd1261394d
files ChangeLog NEWS src/dnsbl.cpp
diffstat 3 files changed, 8 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Sat Apr 08 10:06:09 2006 -0700
+++ b/ChangeLog	Thu Apr 27 10:05:43 2006 -0700
@@ -1,6 +1,6 @@
     $Id$
 
-5.18 2006-04-08
+5.18 2006-04-27
     Bug fix - newer sendmail versions don't guarantee envelope addresses
     enclosed in <> wrapper.
 
@@ -8,6 +8,8 @@
     used to mainly spam filter and then forward to mail to the internal
     server.
 
+    Never ask uribl blacklists about rfc1918 address space.
+
 5.17 2006-03-25
     Never ask dns blacklists about rfc1918 address space.
 
--- a/NEWS	Sat Apr 08 10:06:09 2006 -0700
+++ b/NEWS	Thu Apr 27 10:05:43 2006 -0700
@@ -1,6 +1,6 @@
     $Id$
 
-5.18 2006-04-08 sendmail no longer guarantees <> wrapper on envelopes
+5.18 2006-04-27 sendmail no longer guarantees <> wrapper on envelopes, don't ask uribls about rfc1918 space either
 5.17 2006-03-25 never ask dns blacklists about rfc1918 address space
 5.16 2006-03-16 bug fix, smtp error message for uribl filtering needs host name, not ip address
 5.15 2006-03-15 bug fix, failed to set reason code when rejecting mail from content filtering
--- a/src/dnsbl.cpp	Sat Apr 08 10:06:09 2006 -0700
+++ b/src/dnsbl.cpp	Thu Apr 27 10:05:43 2006 -0700
@@ -709,6 +709,10 @@
 	in_addr ip;
 	if (inet_aton(hostname, &ip)) {
 		const u_char *src = (const u_char *)&ip.s_addr;
+		if (src[0] == 127) return false;	// don't do dns lookups on localhost
+		if (src[0] == 10)  return false;	// don't do dns lookups on rfc1918 space
+		if ((src[0] == 192) && (src[1] == 168)) return false;
+		if ((src[0] == 172) && (16 <= src[1]) && (src[1] <= 31)) return false;
 		static char adr[sizeof "255.255.255.255"];
 		snprintf(adr, sizeof(adr), "%u.%u.%u.%u", src[3], src[2], src[1], src[0]);
 		return (uriblookup(priv, adr, NULL, found));