From d6c428716f702787c50695a6770f1afcaa1cdbc8 Mon Sep 17 00:00:00 2001
From: "Peter J. Holzer"
Date: Sat, 16 Dec 2006 09:46:12 +0000
Subject: [PATCH] Check if the domain name in a DNS response packet matches one of the domain names we queried. See the thread "dnsbl or spamhaus occassionally blocks wrong IP" starting at 14 Mar 2006 for details.
git-svn-id: https://svn.perl.org/qpsmtpd/branches/0.3x@683 958fd67b-6ff1-0310-b445-bb7760255be9
---
 plugins/dnsbl | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/plugins/dnsbl b/plugins/dnsbl
index 6526cbd..48df98f 100644
--- a/plugins/dnsbl
+++ b/plugins/dnsbl
@@ -57,8 +57,10 @@ sub hook_connect {
 my $sel = IO::Select->new();
+ my $dom;
 for my $dnsbl (keys %dnsbl_zones) { # fix to find A records, if the dnsbl_zones line has a second field 20/1/04 ++msp
+ $dom->{"$reversed_ip.$dnsbl"} = 1;
 if (defined($dnsbl_zones{$dnsbl})) {
 $self->log(LOGDEBUG, "Checking $reversed_ip.$dnsbl for A record in the background");
 $sel->add($res->bgsend("$reversed_ip.$dnsbl"));
@@ -69,6 +71,7 @@ sub hook_connect {
 }
 $self->qp->connection->notes('dnsbl_sockets', $sel);
+ $self->qp->connection->notes('dnsbl_domains', $dom);
 return DECLINED;
 }
@@ -88,6 +91,7 @@ sub process_sockets {
 $res->udp_timeout(30);
 my $sel = $conn->notes('dnsbl_sockets') or return "";
+ my $dom = $conn->notes('dnsbl_domains');
 my $remote_ip = $self->qp->connection->remote_ip;
 my $result;
@@ -110,11 +114,13 @@ sub process_sockets {
 if ($query) {
 my $a_record = 0;
 foreach my $rr ($query->answer) {
- $a_record = 1 if $rr->type eq "A";
 my $name = $rr->name;
+ $self->log(LOGDEBUG, "name $name");
+ next unless $dom->{$name};
+ $self->log(LOGDEBUG, "name $name was queried");
+ $a_record = 1 if $rr->type eq "A";
 ($dnsbl) = ($name =~ m/(?:\d+\.){4}(.*)/) unless $dnsbl;
 $dnsbl = $name unless $dnsbl;
- $self->log(LOGDEBUG, "name ", $rr->name);
 next unless $rr->type eq "TXT";
 $self->log(LOGDEBUG, "got txt record");
 $result = $rr->txtdata and last;
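Review bot: The key stored by `$dom->{"$reversed_ip.$dnsbl"} = 1;` in the first hunk (hook_connect) and the lookup `next unless $dom->{$name};` in the last hunk (process_sockets) compare names byte for byte, whereas DNS names compare case-insensitively. If a zone in the configuration is written with capitals, or the owner name comes back in a different case or with a trailing dot (the hunk does not show what `$rr->name` returns here), every record is skipped and a listed address is treated as unlisted. Normalising both sides would close that gap: `$dom->{lc "$reversed_ip.$dnsbl"} = 1;` and `next unless $dom->{lc $name};`. Initialising with `my $dom = {};` would also keep the stored note a hash reference when no zones are configured. The `for` loop in the first hunk continues past the end of the hunk.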
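Review bot: In the last hunk (process_sockets) a rejected record is visible only as a missing "was queried" line at LOGDEBUG, so at normal log levels a response carrying names that were never queried looks the same as "not listed". That mismatch is the condition this commit guards against and an operator chasing wrong blocks would want it recorded; consider `unless ($dom->{$name}) { $self->log(LOGINFO, "dnsbl: ignoring answer for $name, not a name we queried"); next; }` in place of the bare `next unless`. Records reached through a CNAME would carry a different owner name and be dropped by the same test; that may be intended, but a comment saying so above the check would help. The `foreach` body ends outside the hunk.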