changeset 174:da0c41b9f672

don't whitelist addresses with embedded spaces
author carl
date Sun, 23 Sep 2007 11:20:12 -0700
parents 83fe0be032c1
children e726e1a61ef9
files ChangeLog Makefile.am NEWS configure.in dnsbl.conf dnsbl.spec.in src/context.cpp src/dnsbl.cpp tld.conf xml/dnsbl.in
diffstat 10 files changed, 32 insertions(+), 26 deletions(-) [+]
--- a/ChangeLog	Thu Sep 06 09:50:05 2007 -0700
+++ b/ChangeLog	Sun Sep 23 11:20:12 2007 -0700
@@ -1,5 +1,9 @@
     $Id$
 
+6.10 2007-09-23
+    Don't whitelist addresses with embedded blanks, or the empty
+    path.
+
 6.09 2007-09-06
     Fix memory leak in auto-whitelisting code. Update auto-whitelist
     timestamps when receiving mail from auto-whitelisted senders.
--- a/Makefile.am	Thu Sep 06 09:50:05 2007 -0700
+++ b/Makefile.am	Sun Sep 23 11:20:12 2007 -0700
@@ -11,7 +11,7 @@
 	       sed -e "s,SYSCONFDIR,$(sysconfdir),g" >dnsbl
 
 chkconfig: dnsbl
-	   /usr/bin/getent passwd dnsbl >/dev/null || /usr/sbin/useradd -r -d /etc/dnsbl -M -c "dnsbl pseudo-user" -s /sbin/nologin dnsbl
+	   /usr/bin/getent passwd dnsbl >/dev/null || /usr/sbin/useradd -r -d $(sysconfdir)/dnsbl -M -c "dnsbl pseudo-user" -s /sbin/nologin dnsbl >/dev/null
 	   mv -f $(sysconfdir)/dnsbl/dnsbl /etc/rc.d/init.d
 	   mkdir $(sysconfdir)/dnsbl/autowhite
 	   chown dnsbl:root $(sysconfdir)/dnsbl/autowhite
--- a/NEWS	Thu Sep 06 09:50:05 2007 -0700
+++ b/NEWS	Sun Sep 23 11:20:12 2007 -0700
@@ -1,5 +1,6 @@
     $Id$
 
+6.10 2007-09-23 Don't whitelist addresses with embedded blanks, or the empty path.
 6.09 2007-09-06 Fix memory leak. Update timestamps when receiving from auto-whitelisted sender.
 6.08 2007-08-30 Don't do generic reverse dns filtering on authenticated connections.
 6.07 2007-08-30 Add generic reverse dns filtering with regular expression.
--- a/configure.in	Thu Sep 06 09:50:05 2007 -0700
+++ b/configure.in	Sun Sep 23 11:20:12 2007 -0700
@@ -1,6 +1,6 @@
 
 AC_PREREQ(2.59)
-AC_INIT(dnsbl,6.09,carl@five-ten-sg.com)
+AC_INIT(dnsbl,6.10,carl@five-ten-sg.com)
 AC_CONFIG_SRCDIR([config.h.in])
 AC_CONFIG_HEADER([config.h])
 
--- a/dnsbl.conf	Thu Sep 06 09:50:05 2007 -0700
+++ b/dnsbl.conf	Sun Sep 23 11:20:12 2007 -0700
@@ -1,9 +1,7 @@
 context main-default {
     // outbound dnsbl filtering to catch our own customers that end up on the sbl
-    dnsbl   localp  partial.blackholes.five-ten-sg.com  "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
-    dnsbl   local   blackholes.five-ten-sg.com  "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
     dnsbl   sbl     sbl-xbl.spamhaus.org        "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
-    dnsbl_list  local sbl;
+    dnsbl_list  sbl;
 
     // outbound content filtering to prevent our own customers from sending spam
     content on {
@@ -37,7 +35,7 @@
 context main {
     dnsbl   localp  partial.blackholes.five-ten-sg.com  "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
     dnsbl   local   blackholes.five-ten-sg.com  "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
-    dnsbl   sbl     sbl-xbl.spamhaus.org        "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
+    dnsbl   sbl     zen.spamhaus.org            "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
     dnsbl   xbl     xbl.spamhaus.org            "Mail from %s rejected - xbl; see http://www.spamhaus.org/query/bl?ip=%s";
     dnsbl_list  local sbl;
 
@@ -60,8 +58,7 @@
     env_to {
         # !! replace this with your domain names
         # child contexts are not allowed to specify recipient addresses outside these domains
-        # or leave this empty to allow unrestricted child contexts
-        # example.com;
+        include "/etc/mail/local-host-names";
     };
 
     context whitelist {
@@ -76,6 +73,7 @@
     context abuse {
         dnsbl_list xbl;
         content off {};
+        generic "^$ " " ";      # regex cannot match, to disable generic rdns rejects
         env_to {
             abuse@              # no content filtering on abuse reports
             postmaster@         # ""
@@ -86,6 +84,7 @@
     context minimal {
         dnsbl_list sbl;
         content on {};
+        spamassassin 10;
         generic "^$ " " ";      # regex cannot match, to disable generic rdns rejects
         env_to {
         };
--- a/dnsbl.spec.in	Thu Sep 06 09:50:05 2007 -0700
+++ b/dnsbl.spec.in	Sun Sep 23 11:20:12 2007 -0700
@@ -70,7 +70,7 @@
 
 
 %pre
-/usr/bin/getent passwd @PACKAGE@ >/dev/null || useradd -r -d %{_sysconfdir}/@PACKAGE@ -M -c "@PACKAGE@ pseudo-user" -s /sbin/nologin @PACKAGE@ >/dev/null
+/usr/bin/getent passwd @PACKAGE@ >/dev/null || /usr/sbin/useradd -r -d %{_sysconfdir}/@PACKAGE@ -M -c "@PACKAGE@ pseudo-user" -s /sbin/nologin @PACKAGE@ >/dev/null
 
 
 %post
--- a/src/context.cpp	Thu Sep 06 09:50:05 2007 -0700
+++ b/src/context.cpp	Sun Sep 23 11:20:12 2007 -0700
@@ -498,9 +498,11 @@
 				for (autowhite_sent::iterator i=rcpts.begin(); i!=rcpts.end(); i++) {
 					char *who = (*i).first;
 					int  when = (*i).second;
+					if (!strchr(who, ' ')) {
 					ofs << who << " " << when << endl;
 				}
 			}
+			}
 			ofs.close();
 			need = false;
 			loaded = time(NULL);	// update load time
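Review bot: The guard on the new `if` line only rejects an ASCII space, so an address containing a tab or a line break would still be written into a record whose fields are separated by a single space and presumably read back whitespace-delimited; an empty `who` also passes the check and yields a line with a missing first field, even though the ChangeLog says the empty path is excluded too. A broader test such as `if (*who && !strpbrk(who, " \t\r\n")) {` covers all of these. The body of the new `if` is not indented and the two closing braces at the end of the hunk no longer line up with the blocks they close, so re-indent the `ofs <<` line one level and align the braces. Filtering at write time keeps the file well-formed, but the in-memory `rcpts` map still honours such an entry until then; rejecting these addresses where they are inserted (code outside this hunk) would be the more robust place. The enclosing function starts before and ends after the hunk.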
--- a/src/dnsbl.cpp	Thu Sep 06 09:50:05 2007 -0700
+++ b/src/dnsbl.cpp	Sun Sep 23 11:20:12 2007 -0700
@@ -984,6 +984,13 @@
 	CONFIG &dc = *priv.pc;
 	char  *rcptaddr  = rcpt[0];
 	char  *loto 	 = to_lower_string(rcptaddr);
+
+	// some version of sendmail allowed rcpt to:<> and passed it thru to the milters
+	if (strcmp(loto, "<>") == 0) {
+		smfi_setreply(ctx, "550", "5.7.1", "bogus recipient");
+		return SMFIS_REJECT;
+	}
+
 	if (priv.assassin) priv.assassin->mlfi_envrcpt(ctx, loto);
 	// priv.mailaddr sending original message to loto
 	CONTEXT 	&con = *(dc.find_context(loto)->find_context(priv.mailaddr));
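Review bot: The early `return SMFIS_REJECT` on the new lines skips whatever the rest of the function does with `loto`; if `to_lower_string` returns a heap-allocated copy that is normally released later (the name suggests it does, and the previous release fixed a leak in nearby code), this path leaks one allocation per bogus RCPT, which remote senders can trigger repeatedly. Either release `loto` before returning, or compare the raw `rcptaddr` before the lowered copy is made, e.g. `if (strcmp(rcptaddr, "<>") == 0) { smfi_setreply(ctx, "550", "5.7.1", "bogus recipient"); return SMFIS_REJECT; }` placed above the `to_lower_string` call. The comparison is exact, so only the literal `<>` is rejected; whether sendmail can hand the milter any other spelling of the empty path is not visible here. The enclosing function starts before and ends after the hunk.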
--- a/tld.conf	Thu Sep 06 09:50:05 2007 -0700
+++ b/tld.conf	Sun Sep 23 11:20:12 2007 -0700
@@ -1,5 +1,5 @@
 #
-# icann tlds from http://www.icann.org/registries/listing.html as of 2007-07-01
+# icann tlds from http://www.icann.org/registries/listing.html as of 2007-09-08
 #
 aero
 asia
@@ -23,13 +23,7 @@
 travel
 
 #
-# extra (obsolete?) country codes that are in the root as of 2007-07-01
-#
-yu  # Yugoslavia
-su  # soviet union
-
-#
-# iana root tlds from http://www.iana.org/cctld/cctld-whois.htm as of 2007-07-01
+# iana root tlds from http://www.iana.org/cctld/cctld-whois.htm as of 2007-09-08
 #
 ac  # Ascension Island
 ad  # Andorra
--- a/xml/dnsbl.in	Thu Sep 06 09:50:05 2007 -0700
+++ b/xml/dnsbl.in	Sun Sep 23 11:20:12 2007 -0700
@@ -12,7 +12,7 @@
 
     <refentry id="@PACKAGE@.1">
         <refentryinfo>
-            <date>2007-08-30</date>
+            <date>2007-09-07</date>
         </refentryinfo>
 
         <refmeta>
@@ -538,7 +538,7 @@
 
     <refentry id="@PACKAGE@.conf.5">
         <refentryinfo>
-            <date>2007-08-30</date>
+            <date>2007-09-07</date>
         </refentryinfo>
 
         <refmeta>
@@ -628,10 +628,8 @@
             <literallayout class="monospaced"><![CDATA[
 context main-default {
     // outbound dnsbl filtering to catch our own customers that end up on the sbl
-    dnsbl   localp  partial.blackholes.five-ten-sg.com  "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
-    dnsbl   local   blackholes.five-ten-sg.com  "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
     dnsbl   sbl     sbl-xbl.spamhaus.org        "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
-    dnsbl_list  local sbl;
+    dnsbl_list  sbl;
 
     // outbound content filtering to prevent our own customers from sending spam
     content on {
@@ -665,7 +663,7 @@
 context main {
     dnsbl   localp  partial.blackholes.five-ten-sg.com  "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
     dnsbl   local   blackholes.five-ten-sg.com  "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
-    dnsbl   sbl     sbl-xbl.spamhaus.org        "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
+    dnsbl   sbl     zen.spamhaus.org            "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
     dnsbl   xbl     xbl.spamhaus.org            "Mail from %s rejected - xbl; see http://www.spamhaus.org/query/bl?ip=%s";
     dnsbl_list  local sbl;
 
@@ -688,8 +686,7 @@
     env_to {
         # !! replace this with your domain names
         # child contexts are not allowed to specify recipient addresses outside these domains
-        # or leave this empty to allow unrestricted child contexts
-        # example.com;
+        include "/etc/mail/local-host-names";
     };
 
     context whitelist {
@@ -704,6 +701,7 @@
     context abuse {
         dnsbl_list xbl;
         content off {};
+        generic "^$ " " ";      # regex cannot match, to disable generic rdns rejects
         env_to {
             abuse@              # no content filtering on abuse reports
             postmaster@         # ""
@@ -714,6 +712,7 @@
     context minimal {
         dnsbl_list sbl;
         content on {};
+        spamassassin 10;
         generic "^$ " " ";      # regex cannot match, to disable generic rdns rejects
         env_to {
         };