From 803a320127f372fa1b6333155da7134a8efef619 Mon Sep 17 00:00:00 2001 From: Robert Date: Sun, 25 Jul 2010 21:44:02 -0700 Subject: [PATCH] ignore search path in DNS lookups 2. If the name doesn't end in a dot then append each item in the search list to the name. This is only done if dnsrch is true. triggered by.. From: Charlie Brady Subject: [BUG] Default search path used in require_resolvable_fromhost Date: Sat, 17 Jul 2010 16:24:42 -0400 (EDT) Message-ID: http://bugs.contribs.org/show_bug.cgi?id=5808 Jesper Knudsen 2010-03-01 01:29:10 MST When using the require_resolvable_fromhost plugin for qpsmtpd I noticed that mails from user@localhost.localdomain was actually getting through this filter. I finally found out that the plugin has a bug that causes it to insert default search path if it cannot find the domain. This means in my case that localhost.localdomain was then tried resolved as localhost.localdomain.swerts-knudsen.dk and since I have a wilcard CNAME was resolved as my public IP. Since this plugin is only enabled for public interface the fix is to set the "dnsrch" flag when creating the Net::DNS object. In require_resolvable_fromhost: my $res = Net::DNS::Resolver->new ( dnsrch => 0 ); --- Changes | 2 ++ plugins/require_resolvable_fromhost | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/Changes b/Changes index 49452cd..a864b4f 100644 --- a/Changes +++ b/Changes @@ -1,6 +1,8 @@ Next Version + require_resolvable_fromhost ignores DNS search path (i.e. it expects fully resolved domains) (Robert Spier, Charlie Brady) + new plugin auth_vpopmaild (Robin Bowes) new plugin auth_checkpassword (Matt Simerson) diff --git a/plugins/require_resolvable_fromhost b/plugins/require_resolvable_fromhost index a949460..e9e2a91 100644 --- a/plugins/require_resolvable_fromhost +++ b/plugins/require_resolvable_fromhost 
@@ -58,7 +58,7 @@ sub check_dns {
 return 1 if $host =~ m/^\[(\d{1,3}\.){3}\d{1,3}\]$/;
- my $res = new Net::DNS::Resolver;
+ my $res = new Net::DNS::Resolver(dnsrch => 0);
 $res->tcp_timeout(30);
 $res->udp_timeout(30);
 my @mx = mx($res, $host);
@@ -116,7 +116,7 @@ sub is_valid {
 sub mx_valid {
 my ($self, $name, $host) = @_;
- my $res = new Net::DNS::Resolver;
+ my $res = new Net::DNS::Resolver(dnsrch => 0);
 # IP in MX
 return is_valid($name) if ip_is_ipv4($name) or ip_is_ipv6($name);
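Review bot: In check_dns the new `dnsrch => 0` switches off only the search list; Net::DNS has a separate `defnames` option, enabled by default, under which query() appends the default domain to a name that contains no dots. If `mx($res, $host)` or the later lookups in this function resolve through query(), a single-label sender host could still be completed with the local domain, which is the behaviour this patch sets out to stop. Consider `my $res = Net::DNS::Resolver->new(dnsrch => 0, defnames => 0);` here and in the mx_valid hunk, and confirm the behaviour against the installed Net::DNS version. check_dns continues outside the hunk, so the remaining lookups are not visible.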
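Review bot: In mx_valid the resolver is now configured in a second place and is built before the `# IP in MX` early return, which never uses it. Moving the line below that return and writing it as `my $res = Net::DNS::Resolver->new(dnsrch => 0);` (a direct method call, as in the bug report quoted in the commit message) avoids the wasted construction and the indirect-object parsing ambiguity. A small shared helper that returns the configured resolver would keep check_dns and mx_valid from drifting apart on this security-relevant setting. The rest of mx_valid lies outside the hunk.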