To me it seems that plugin DNSBL is using Net::DNS bgsend/bgread, but is not checking the id of the reply received.

If true, this means that an attacker can white- or blacklist any email by sending fake DNS replies (the only randomisation is the source port). Furthermore, any other application on the same machine also doing DNS lookups may end up using the same source port and have its replies mixed with those plugin DNSBL is waiting for.

SpamAssassin is also using Net::DNS bgsend/bgread, but does verify that the DNS answer id matches the request.

Maybe Net::DNS requires the caller to do the validation, or did I miss something?

I'm working on a way to test this, but would love to hear others' opinions before doing too much work for maybe nothing :-)

Best regards,
Diego d'Ambra
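
The check the message asks about, shown as an added example that is not part of the original post and is not the plugin's or Net::DNS's code: a reply is accepted only if it is a response whose ID and question section match the outstanding query. It works on raw wire-format bytes in Python rather than Perl; the function names and the `dnsbl.example` zone are assumptions made for illustration.

```python
import struct

def build_query(qid, qname, qtype=1, qclass=1):
    """Encode a minimal DNS query: RD flag set, exactly one question."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, qclass)

def parse_question(msg):
    """Return (id, is_response, qname, qtype, qclass), or None if malformed."""
    if len(msg) < 12:
        return None
    qid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        return None
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            return None                      # name runs off the end
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(msg):     # no pointers in the first name
            return None
        labels.append(msg[pos:pos + n].lower())  # DNS names compare case-insensitively
        pos += n
    if pos + 4 > len(msg):
        return None
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return qid, bool(flags & 0x8000), b".".join(labels), qtype, qclass

def reply_matches(query, reply):
    """True only if reply answers this exact query (ID, name, type, class)."""
    q, r = parse_question(query), parse_question(reply)
    if q is None or r is None:
        return False
    if q[1] or not r[1]:                     # query must have QR=0, reply QR=1
        return False
    return q[0] == r[0] and q[2:] == r[2:]

if __name__ == "__main__":
    # Constructed sample: a DNSBL-style lookup and two candidate replies.
    query = build_query(0x1A2B, "2.0.0.127.dnsbl.example")
    genuine = query[:2] + bytes([query[2] | 0x80]) + query[3:]
    wrong_id = bytes([0x1A, 0x2C]) + genuine[2:]
    print(reply_matches(query, genuine), reply_matches(query, wrong_id))
```

A caller using asynchronous lookups would keep the sent query (or its ID and question) per socket and discard any datagram for which this check fails, instead of treating the first packet that arrives as the answer.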

