From 91f8133f5caf2d2a0f44d5b94daaa367bcdd76b0 Mon Sep 17 00:00:00 2001 From: Matt Simerson Date: Wed, 10 Sep 2014 13:47:34 -0700 Subject: [PATCH 1/2] 2x: use Utils->is_localhost() to detect loopback * it's IPv6 compatible * plugins/helo, plugins/fcrdns --- plugins/fcrdns | 31 ++++++++++++++++++------------- plugins/helo | 3 +-- 2 files changed, 19 insertions(+), 15 deletions(-) diff --git a/plugins/fcrdns b/plugins/fcrdns index 53b62c2..e9f224a 100644 --- a/plugins/fcrdns +++ b/plugins/fcrdns @@ -152,7 +152,7 @@ sub connect_handler { return DECLINED if $self->is_immune(); # run a couple cheap tests before the more expensive DNS tests - foreach my $test (qw/ invalid_localhost is_not_fqdn /) { + foreach my $test (qw/ is_valid_localhost is_not_fqdn /) { $self->$test() or return DECLINED; } @@ -163,19 +163,24 @@ sub connect_handler { return DECLINED; } -sub invalid_localhost { +sub is_valid_localhost { my ($self) = @_; - return 1 if lc $self->qp->connection->remote_host ne 'localhost'; - if ( $self->qp->connection->remote_ip ne '127.0.0.1' - && $self->qp->connection->remote_ip ne '::1') - { - $self->adjust_karma(-1); - $self->log(LOGINFO, "fail, not localhost"); - return; - } - $self->adjust_karma(1); - $self->log(LOGDEBUG, "pass, is localhost"); - return 1; + + if (Qpsmtpd::Utils->is_localhost($self->qp->connection->remote_ip)) { + $self->adjust_karma(1); + $self->log(LOGDEBUG, "pass, is localhost"); + return 1; + }; + + my $rh = $self->qp->connection->remote_host; + if ($rh && lc $self->qp->connection->remote_host eq 'localhost') { + $self->log(LOGDEBUG, "pass, remote_host is localhost"); + return 1; + }; + + $self->adjust_karma(-1); + $self->log(LOGINFO, "fail, not localhost"); + return; } sub is_not_fqdn { diff --git a/plugins/helo b/plugins/helo index d4e3a8c..5c7c70f 100644 --- a/plugins/helo +++ b/plugins/helo @@ -340,8 +340,7 @@ sub is_regex_match { sub invalid_localhost { my ($self, $host) = @_; return if lc $host ne 'localhost'; - my $ip = $self->qp->connection->remote_ip; - if ($ip && ($ip eq '127.0.0.1' || $ip eq '::1')) { + if (Qpsmtpd::Utils->is_localhost($self->qp->connection->remote_ip)) { $self->log(LOGDEBUG, "pass, is localhost"); return; } From 04a984bbab8f6e9a15538280a9a79e15bc55863a Mon Sep 17 00:00:00 2001 From: Matt Simerson Date: Wed, 10 Sep 2014 15:12:52 -0700 Subject: [PATCH 2/2] helo: improved invalid_localhost detection --- plugins/helo | 5 ++++- t/plugin_tests/helo | 27 +++++++++++++-------------- 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/plugins/helo b/plugins/helo index 5c7c70f..20a73e2 100644 --- a/plugins/helo +++ b/plugins/helo @@ -339,11 +339,14 @@ sub is_regex_match { sub invalid_localhost { my ($self, $host) = @_; - return if lc $host ne 'localhost'; if (Qpsmtpd::Utils->is_localhost($self->qp->connection->remote_ip)) { $self->log(LOGDEBUG, "pass, is localhost"); return; } + if ($host && lc $host eq 'localhost') { + $self->log(LOGDEBUG, "pass, host is localhost"); + return; + }; #$self->log( LOGINFO, "fail, not localhost" ); return ("You are not localhost", "invalid localhost"); diff --git a/t/plugin_tests/helo b/t/plugin_tests/helo index 8790894..a1c1a60 100644 --- a/t/plugin_tests/helo +++ b/t/plugin_tests/helo @@ -11,7 +11,7 @@ sub register_tests { $self->register_test('test_init_resolver', 2); $self->register_test('test_is_in_badhelo', 2); $self->register_test('test_is_regex_match', 3); - $self->register_test('test_invalid_localhost', 5); + $self->register_test('test_invalid_localhost', 8); $self->register_test('test_is_plain_ip', 3); $self->register_test('test_is_address_literal', 3); $self->register_test('test_no_forward_dns', 2); @@ -50,7 +50,7 @@ sub test_is_regex_match { my ($err, $why) = $self->is_regex_match('yahoo.com', 'ya.oo\.com$' ); ok( $err, "yahoo.com, $why"); - + ($err, $why) = $self->is_regex_match('yoda.com', 'ya.oo\.com$' ); ok( ! $err, "yahoo.com"); @@ -61,21 +61,20 @@ sub test_is_regex_match { sub test_invalid_localhost { my $self = shift; - $self->qp->connection->remote_ip(undef); - my ($err, $why) = $self->invalid_localhost('localhost' ); - ok( $err, "localhost, undefined remote IP: $why"); - - $self->qp->connection->remote_ip(''); - ($err, $why) = $self->invalid_localhost('localhost' ); - ok( $err, "localhost, empty remote IP: $why"); + my ($err, $why); + foreach my $ip ( undef, '', '192.0.99.5' ) { + $self->qp->connection->remote_ip(undef); + ($err, $why) = $self->invalid_localhost('localhost' ); + ok(!$err, "host: localhost, remote ip: $ip"); - $self->qp->connection->remote_ip('192.0.99.5'); - ($err, $why) = $self->invalid_localhost('localhost'); - ok( $err, "localhost, invalid remote IP: $why"); + $self->qp->connection->remote_ip(undef); + ($err, $why) = $self->invalid_localhost('not-localhost'); + ok($err, "host: not-localhost, remote ip: $ip"); + }; foreach my $ip (qw/ ::1 127.0.0.1 / ) { $self->qp->connection->remote_ip($ip); - ($err, $why) = $self->invalid_localhost('localhost'); + ($err, $why) = $self->invalid_localhost('not-localhost'); ok( ! $err, "localhost, correct remote IP ($ip)"); } }; @@ -111,7 +110,7 @@ sub test_no_forward_dns { my ($err, $why) = $self->no_forward_dns('perl.org'); ok( ! $err, "perl.org"); - + # reserved .test TLD: http://tools.ietf.org/html/rfc2606 ($err, $why) = $self->no_forward_dns('perl.org.test'); ok( $err, "test.perl.org.test");