On Sun, 25 Jul 2010, Robert Spier wrote:

> I've committed this as ab7c2601f0740fac1c3c117e7e5c0a5690348194.
> 
> I'm not 100% sure it's a good idea, but I think it's mostly a good
> thing.

What are your reservations?

I don't think it would ever be acceptable for the fromhost to be 
resolvable only when the server's default domain is appended as suffix. 
And as reported, the current code is exploitable, and Jesper claimed to 
see it being exploited (but I am skeptical - is a spambot really injecting 
mail to u...@localhost.localdomain direct to his server?).

> Charlie - It would be great if you could send patches instead of
> "suggestions".

It wasn't my suggestion - I was just relaying it. But point taken.

> -R
> 
> 
> Charlie Brady wrote:
> > 
> > 
> > http://bugs.contribs.org/show_bug.cgi?id=5808
> > 
> >  Jesper Knudsen      2010-03-01 01:29:10 MST 
> > 
> > When using the require_resolvable_fromhost plugin for qpsmtpd I noticed 
> > that mails from u...@localhost.localdomain was actually getting through 
> > this filter. I finally found out that the plugin has a bug that causes it 
> > to insert default search path if it cannot find the domain. This means in 
> > my case that localhost.localdomain was then tried resolved as 
> > localhost.localdomain.swerts-knudsen.dk and since I have a wildcard CNAME 
> > was resolved as my public IP.
> > 
> > Since this plugin is only enabled for public interface the fix is to set 
> > the "dnsrch" flag when creating the Net::DNS object.
> > 
> > In require_resolvable_fromhost:
> > my $res = Net::DNS::Resolver->new (
> >                                    dnsrch => 0
> >                                    );
> 
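
An added illustration of the bug reported above (not part of the thread, and not qpsmtpd or Net::DNS code): a simplified Python model of resolver search-list expansion, showing why `localhost.localdomain` resolves when `dnsrch` is on and fails when it is off. The zone `example.test`, its wildcard CNAME, the addresses and all function names are assumptions constructed for the example.

```python
# Simplified model of stub-resolver search-list expansion; no network access.
# Constructed zone data: example.test carries a wildcard CNAME, as the
# reporter's domain did. All names and addresses are made up.
ZONE = {
    "example.test": ("A", "192.0.2.10"),
    "*.example.test": ("CNAME", "example.test"),
    "mail.example.org": ("A", "198.51.100.7"),
}


def lookup(name):
    """Return the A record for name, following CNAMEs and wildcards, or None."""
    for _ in range(8):  # bound the CNAME chain
        record = ZONE.get(name)
        if record is None:
            # No exact match: try a wildcard at each enclosing domain.
            labels = name.split(".")
            for i in range(1, len(labels)):
                record = ZONE.get("*." + ".".join(labels[i:]))
                if record:
                    break
        if record is None:
            return None
        rtype, value = record
        if rtype == "A":
            return value
        name = value  # CNAME: restart with the target
    return None


def candidates(host, search_list, dnsrch):
    """Names the resolver tries, in order: as given, then with each suffix."""
    names = [host]
    if dnsrch:
        names += [f"{host}.{suffix}" for suffix in search_list]
    return names


def resolve_fromhost(host, search_list, dnsrch):
    """Return (name_that_answered, address) or None if nothing resolves."""
    for name in candidates(host.rstrip(".").lower(), search_list, dnsrch):
        address = lookup(name)
        if address:
            return name, address
    return None


SEARCH = ["example.test"]  # the server's own domain, as a search suffix
for flag in (1, 0):
    print("dnsrch =>", flag, resolve_fromhost("localhost.localdomain", SEARCH, flag))
```

The name that answered is returned alongside the address, so a log of it would show a sender domain being accepted under the server's own suffix.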
