changeset 174:da0c41b9f672
don't whitelist addresses with embedded spaces
author | carl |
---|---|
date | Sun, 23 Sep 2007 11:20:12 -0700 |
parents | 83fe0be032c1 |
children | e726e1a61ef9 |
files | ChangeLog Makefile.am NEWS configure.in dnsbl.conf dnsbl.spec.in src/context.cpp src/dnsbl.cpp tld.conf xml/dnsbl.in |
diffstat | 10 files changed, 32 insertions(+), 26 deletions(-) [+] |
--- a/ChangeLog Thu Sep 06 09:50:05 2007 -0700 +++ b/ChangeLog Sun Sep 23 11:20:12 2007 -0700 @@ -1,5 +1,9 @@ $Id$ +6.10 2007-09-23 + Don't whitelist addresses with embedded blanks, or the empty + path. + 6.09 2007-09-06 Fix memory leak in auto-whitelisting code. Update auto-whitelist timestamps when receiving mail from auto-whitelisted senders.
--- a/Makefile.am Thu Sep 06 09:50:05 2007 -0700 +++ b/Makefile.am Sun Sep 23 11:20:12 2007 -0700 @@ -11,7 +11,7 @@ sed -e "s,SYSCONFDIR,$(sysconfdir),g" >dnsbl chkconfig: dnsbl - /usr/bin/getent passwd dnsbl >/dev/null || /usr/sbin/useradd -r -d /etc/dnsbl -M -c "dnsbl pseudo-user" -s /sbin/nologin dnsbl + /usr/bin/getent passwd dnsbl >/dev/null || /usr/sbin/useradd -r -d $(sysconfdir)/dnsbl -M -c "dnsbl pseudo-user" -s /sbin/nologin dnsbl >/dev/null mv -f $(sysconfdir)/dnsbl/dnsbl /etc/rc.d/init.d mkdir $(sysconfdir)/dnsbl/autowhite chown dnsbl:root $(sysconfdir)/dnsbl/autowhite
--- a/NEWS Thu Sep 06 09:50:05 2007 -0700 +++ b/NEWS Sun Sep 23 11:20:12 2007 -0700 @@ -1,5 +1,6 @@ $Id$ +6.10 2007-09-23 Don't whitelist addresses with embedded blanks, or the empty path. 6.09 2007-09-06 Fix memory leak. Update timestamps when receiving from auto-whitelisted sender. 6.08 2007-08-30 Don't do generic reverse dns filtering on authenticated connections. 6.07 2007-08-30 Add generic reverse dns filtering with regular expression.
--- a/configure.in Thu Sep 06 09:50:05 2007 -0700 +++ b/configure.in Sun Sep 23 11:20:12 2007 -0700 @@ -1,6 +1,6 @@ AC_PREREQ(2.59) -AC_INIT(dnsbl,6.09,carl@five-ten-sg.com) +AC_INIT(dnsbl,6.10,carl@five-ten-sg.com) AC_CONFIG_SRCDIR([config.h.in]) AC_CONFIG_HEADER([config.h])
--- a/dnsbl.conf Thu Sep 06 09:50:05 2007 -0700 +++ b/dnsbl.conf Sun Sep 23 11:20:12 2007 -0700 @@ -1,9 +1,7 @@ context main-default { // outbound dnsbl filtering to catch our own customers that end up on the sbl - dnsbl localp partial.blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s"; - dnsbl local blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s"; dnsbl sbl sbl-xbl.spamhaus.org "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; - dnsbl_list local sbl; + dnsbl_list sbl; // outbound content filtering to prevent our own customers from sending spam content on { @@ -37,7 +35,7 @@ context main { dnsbl localp partial.blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s"; dnsbl local blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s"; - dnsbl sbl sbl-xbl.spamhaus.org "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; + dnsbl sbl zen.spamhaus.org "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; dnsbl xbl xbl.spamhaus.org "Mail from %s rejected - xbl; see http://www.spamhaus.org/query/bl?ip=%s"; dnsbl_list local sbl; @@ -60,8 +58,7 @@ env_to { # !! replace this with your domain names # child contexts are not allowed to specify recipient addresses outside these domains - # or leave this empty to allow unrestricted child contexts - # example.com; + include "/etc/mail/local-host-names"; }; context whitelist { @@ -76,6 +73,7 @@ context abuse { dnsbl_list xbl; content off {}; + generic "^$ " " "; # regex cannot match, to disable generic rdns rejects env_to { abuse@ # no content filtering on abuse reports postmaster@ # "" 
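Review bot: In the `main` context the list named `sbl` now queries `zen.spamhaus.org`, a combined zone that also returns XBL and PBL listings, but the reply text still says `rejected - sbl` and the next line keeps a separate `xbl.spamhaus.org` lookup. `main-default` in the first hunk stays on `sbl-xbl.spamhaus.org`, so the same list name now means different policies in the two contexts. A short comment such as `# zen = sbl + xbl + pbl; main-default stays on sbl-xbl for outbound mail` would make that intentional, or the entry and its message could be renamed. The same sample text is repeated in xml/dnsbl.in.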
@@ -86,6 +84,7 @@ context minimal { dnsbl_list sbl; content on {}; + spamassassin 10; generic "^$ " " "; # regex cannot match, to disable generic rdns rejects env_to { };
--- a/dnsbl.spec.in Thu Sep 06 09:50:05 2007 -0700 +++ b/dnsbl.spec.in Sun Sep 23 11:20:12 2007 -0700 @@ -70,7 +70,7 @@ %pre -/usr/bin/getent passwd @PACKAGE@ >/dev/null || useradd -r -d %{_sysconfdir}/@PACKAGE@ -M -c "@PACKAGE@ pseudo-user" -s /sbin/nologin @PACKAGE@ >/dev/null +/usr/bin/getent passwd @PACKAGE@ >/dev/null || /usr/sbin/useradd -r -d %{_sysconfdir}/@PACKAGE@ -M -c "@PACKAGE@ pseudo-user" -s /sbin/nologin @PACKAGE@ >/dev/null %post
--- a/src/context.cpp Thu Sep 06 09:50:05 2007 -0700
+++ b/src/context.cpp Sun Sep 23 11:20:12 2007 -0700
@@ -498,9 +498,11 @@
 for (autowhite_sent::iterator i=rcpts.begin(); i!=rcpts.end(); i++) {
 char *who = (*i).first;
 int when = (*i).second;
+ if (!strchr(who, ' ')) {
 ofs << who << " " << when << endl;
 }
 }
+ }
 ofs.close();
 need = false;
 loaded = time(NULL); // update load time
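Review bot: The new `strchr(who, ' ')` guard rejects only the ASCII space, so an address carrying a tab, CR or LF would still be written and could split or corrupt a `who when` record; `if (!strpbrk(who, " \t\r\n")) {` covers the whole separator set, assuming the loader (not visible here) parses the file by whitespace and line. The check also runs only at save time, so such an entry presumably stays in the in-memory `rcpts` map and keeps being honoured until the next reload; rejecting it where entries are inserted would close that gap. The ChangeLog mentions the empty path, but nothing in this hunk skips an empty `who`. The enclosing function starts and ends outside the hunk.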
--- a/src/dnsbl.cpp Thu Sep 06 09:50:05 2007 -0700
+++ b/src/dnsbl.cpp Sun Sep 23 11:20:12 2007 -0700
@@ -984,6 +984,13 @@
 CONFIG &dc = *priv.pc;
 char *rcptaddr = rcpt[0];
 char *loto = to_lower_string(rcptaddr);
+
+ // some version of sendmail allowed rcpt to:<> and passed it thru to the milters
+ if (strcmp(loto, "<>") == 0) {
+ smfi_setreply(ctx, "550", "5.7.1", "bogus recipient");
+ return SMFIS_REJECT;
+ }
+
 if (priv.assassin) priv.assassin->mlfi_envrcpt(ctx, loto);
 // priv.mailaddr sending original message to loto
 CONTEXT &con = *(dc.find_context(loto)->find_context(priv.mailaddr));
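Review bot: The early `return SMFIS_REJECT;` leaves `loto` unreleased; if `to_lower_string()` returns a heap copy (its definition is not in the hunk), every rejected `<>` recipient leaks one buffer in a long-running milter, on a path any connecting client can reach. Release it before returning, e.g. `free(loto);` ahead of the `return` if the helper uses malloc, or run the comparison on `rcptaddr` before the copy is made. The match is also exact, so `< >` or an empty string without brackets is not caught by `strcmp(loto, "<>")`. The function body begins and continues outside the hunk.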
--- a/tld.conf Thu Sep 06 09:50:05 2007 -0700 +++ b/tld.conf Sun Sep 23 11:20:12 2007 -0700 @@ -1,5 +1,5 @@ # -# icann tlds from http://www.icann.org/registries/listing.html as of 2007-07-01 +# icann tlds from http://www.icann.org/registries/listing.html as of 2007-09-08 # aero asia @@ -23,13 +23,7 @@ travel # -# extra (obsolete?) country codes that are in the root as of 2007-07-01 -# -yu # Yugoslavia -su # soviet union - -# -# iana root tlds from http://www.iana.org/cctld/cctld-whois.htm as of 2007-07-01 +# iana root tlds from http://www.iana.org/cctld/cctld-whois.htm as of 2007-09-08 # ac # Ascension Island ad # Andorra
--- a/xml/dnsbl.in Thu Sep 06 09:50:05 2007 -0700 +++ b/xml/dnsbl.in Sun Sep 23 11:20:12 2007 -0700 @@ -12,7 +12,7 @@ <refentry id="@PACKAGE@.1"> <refentryinfo> - <date>2007-08-30</date> + <date>2007-09-07</date> </refentryinfo> <refmeta> @@ -538,7 +538,7 @@ <refentry id="@PACKAGE@.conf.5"> <refentryinfo> - <date>2007-08-30</date> + <date>2007-09-07</date> </refentryinfo> <refmeta> @@ -628,10 +628,8 @@ <literallayout class="monospaced"><![CDATA[ context main-default { // outbound dnsbl filtering to catch our own customers that end up on the sbl - dnsbl localp partial.blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s"; - dnsbl local blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s"; dnsbl sbl sbl-xbl.spamhaus.org "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; - dnsbl_list local sbl; + dnsbl_list sbl; // outbound content filtering to prevent our own customers from sending spam content on { @@ -665,7 +663,7 @@ context main { dnsbl localp partial.blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s"; dnsbl local blackholes.five-ten-sg.com "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s"; - dnsbl sbl sbl-xbl.spamhaus.org "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; + dnsbl sbl zen.spamhaus.org "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s"; dnsbl xbl xbl.spamhaus.org "Mail from %s rejected - xbl; see http://www.spamhaus.org/query/bl?ip=%s"; dnsbl_list local sbl; @@ -688,8 +686,7 @@ env_to { # !! replace this with your domain names # child contexts are not allowed to specify recipient addresses outside these domains - # or leave this empty to allow unrestricted child contexts - # example.com; + include "/etc/mail/local-host-names"; }; context whitelist { 
@@ -704,6 +701,7 @@ context abuse { dnsbl_list xbl; content off {}; + generic "^$ " " "; # regex cannot match, to disable generic rdns rejects env_to { abuse@ # no content filtering on abuse reports postmaster@ # "" @@ -714,6 +712,7 @@ context minimal { dnsbl_list sbl; content on {}; + spamassassin 10; generic "^$ " " "; # regex cannot match, to disable generic rdns rejects env_to { };