Charlie Brady wrote: > > > On Sun, 25 Jul 2010, Robert Spier wrote: > > > I've committed this as ab7c2601f0740fac1c3c117e7e5c0a5690348194. > > > > I'm not 100% sure it's a good idea, but I think it's mostly a good > > thing. > > What are your reservations? > > I don't think it would ever be acceptable for the fromhost to be > resolvable only when the server's default domain is appended as suffix. > And as reported, the current code is exploitable, and Jesper claimed to > see it being exploited (but I am skeptical - is a spambot really injecting > mail to u...@localhost.localdomain direct to his server?).
Internal systems to companies might not use fully qualified names when exchanging mail. I suspect that's not the common use case for qpsmtpd, or for mailservers, so shouldn't be a big deal. > > > Charlie - It would be great if you could send patches instead of > > "suggestions". > > It wasn't my suggestion - I was just relaying it. But point taken. > > > -R > > > > > > Charlie Brady wrote: > > > > > > > > > http://bugs.contribs.org/show_bug.cgi?id=5808 > > > > > > Jesper Knudsen 2010-03-01 01:29:10 MST > > > > > > When using the require_resolvable_fromhost plugin for qpsmtpd I noticed > > > that mails from u...@localhost.localdomain was actually getting through > > > this filter. I finally found out that the plugin has a bug that causes it > > > to insert default search path if it cannot find the domain. This means in > > > my case that localhost.localdomain was then tried resolved as > > > localhost.localdomain.swerts-knudsen.dk and since I have a wilcard CNAME > > > was resolved as my public IP. > > > > > > Since this plugin is only enabled for public interface the fix is to set > > > the "dnsrch" flag when creating the Net::DNS object. > > > > > > In require_resolvable_fromhost: > > > my $res = Net::DNS::Resolver->new ( > > > dnsrch => 0 > > > ); > >
