ignore search path in DNS lookups

2.  If the name doesn't end in a dot then append each item in the search list to the name.
           This is only done if dnsrch is true.

triggered by..

From: Charlie Brady <charlieb-qpsmtpd@budge.apana.org.au>
Subject: [BUG] Default search path used in require_resolvable_fromhost
Date: Sat, 17 Jul 2010 16:24:42 -0400 (EDT)
Message-ID:
 <Pine.LNX.4.64.1007171623040.17109@e-smith.charlieb.ott.istop.com>

http://bugs.contribs.org/show_bug.cgi?id=5808

 Jesper Knudsen      2010-03-01 01:29:10 MST

When using the require_resolvable_fromhost plugin for qpsmtpd I noticed
that mails from user@localhost.localdomain were actually getting through
this filter. I finally found out that the plugin has a bug that causes it
to insert the default search path if it cannot find the domain. This means in
my case that localhost.localdomain was then tried as
localhost.localdomain.swerts-knudsen.dk and, since I have a wildcard CNAME,
was resolved as my public IP.

Since this plugin is only enabled for the public interface, the fix is to set
the "dnsrch" flag when creating the Net::DNS object.

In require_resolvable_fromhost:
my $res = Net::DNS::Resolver->new (
                                   dnsrch => 0
                                   );
This commit is contained in:
Robert 2010-07-25 21:44:02 -07:00
parent e2ee6f13e5
commit 803a320127
2 changed files with 4 additions and 2 deletions

@ -1,6 +1,8 @@
Next Version Next Version
require_resolvable_fromhost ignores DNS search path (i.e. it expects fully resolved domains) (Robert Spier, Charlie Brady)
new plugin auth_vpopmaild (Robin Bowes) new plugin auth_vpopmaild (Robin Bowes)
new plugin auth_checkpassword (Matt Simerson) new plugin auth_checkpassword (Matt Simerson)
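
Review bot: The new Changes entry says the plugin "expects fully resolved domains"; the usual term is "fully qualified", and the entry does not say that sender hosts which previously passed only through the search path will now be treated as unresolvable. Suggested wording: "require_resolvable_fromhost no longer applies the DNS search path; sender domains must be fully qualified".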

@ -58,7 +58,7 @@ sub check_dns {
return 1 if $host =~ m/^\[(\d{1,3}\.){3}\d{1,3}\]$/; return 1 if $host =~ m/^\[(\d{1,3}\.){3}\d{1,3}\]$/;
my $res = new Net::DNS::Resolver; my $res = new Net::DNS::Resolver(dnsrch => 0);
$res->tcp_timeout(30); $res->tcp_timeout(30);
$res->udp_timeout(30); $res->udp_timeout(30);
my @mx = mx($res, $host); my @mx = mx($res, $host);
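
Review bot: Only dnsrch is cleared on the resolver in check_dns, so the separate Net::DNS defnames option, which appends the default domain to names containing no dots and is on by default, stays enabled. If a single-label sender host should also count as unresolvable, pass defnames => 0 alongside dnsrch => 0. The constructor would also read more clearly in the arrow form used in the commit message, Net::DNS::Resolver->new(dnsrch => 0), than with the indirect-object "new Net::DNS::Resolver(...)".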
@ -116,7 +116,7 @@ sub is_valid {
sub mx_valid { sub mx_valid {
my ($self, $name, $host) = @_; my ($self, $name, $host) = @_;
my $res = new Net::DNS::Resolver; my $res = new Net::DNS::Resolver(dnsrch => 0);
# IP in MX # IP in MX
return is_valid($name) if ip_is_ipv4($name) or ip_is_ipv6($name); return is_valid($name) if ip_is_ipv4($name) or ip_is_ipv6($name);
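
Review bot: mx_valid builds its own resolver with the same dnsrch => 0 option that check_dns sets, so the two call sites have to be kept in sync by hand; a small shared helper that returns the configured resolver would stop a later edit from re-enabling the search list in one path only. In the visible lines the resolver is also constructed before the ip_is_ipv4/ip_is_ipv6 early return, which needs no DNS, so the construction could move below that check.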