On 2008-09-30 01:30:44 -0700, Ask Bjørn Hansen wrote:
> How about making qpsmtpd require Net::DNS 0.60 then?
I've built in a work-around for the problem in older releases of
Net::DNS. But I'm not sure if that still works - from a casual glance at
the source I'd say no, and I'm not sure how it coul
How about making qpsmtpd require Net::DNS 0.60 then?
- ask
Charlie Brady wrote:
>
> On Sun, 28 Sep 2008, Ask Bj�rn Hansen wrote:
>
>> On Sep 28, 2008, at 12:01 AM, Diego d'Ambra wrote:
>>
>>> my $res = new Net::DNS::Resolver;
>>> $res->tcp_timeout(30);
>>> $res->udp_timeout(30);
>>> $res->srcport(1024+int(rand(64511)));
>>
>> Shouldn't this fix be in
On Mon, 29 Sep 2008, Charlie Brady wrote:
On Sun, 28 Sep 2008, Ask Bj?rn Hansen wrote:
On Sep 28, 2008, at 12:01 AM, Diego d'Ambra wrote:
> my $res = new Net::DNS::Resolver;
> $res->tcp_timeout(30);
> $res->udp_timeout(30);
> $res->srcport(1024+int(rand(64511)));
Shouldn't this f
On Sun, 28 Sep 2008, Ask Bj?rn Hansen wrote:
On Sep 28, 2008, at 12:01 AM, Diego d'Ambra wrote:
my $res = new Net::DNS::Resolver;
$res->tcp_timeout(30);
$res->udp_timeout(30);
$res->srcport(1024+int(rand(64511)));
Shouldn't this fix be in Net::DNS::Resolver?
http://search.cpan.org/src
On Sep 28, 2008, at 12:01 AM, Diego d'Ambra wrote:
my $res = new Net::DNS::Resolver;
$res->tcp_timeout(30);
$res->udp_timeout(30);
$res->srcport(1024+int(rand(64511)));
Shouldn't this fix be in Net::DNS::Resolver?
- ask
--
http://develooper.com/ - http://askask.com/
Diego d'Ambra wrote:
To me it seems that plugin DNSBL is using Net::DNS bgsend/bgread, but is
not checking the id of the reply received.
[...]
Attached suggested patch. Large part of it inspired by how Spamassassin
does it.
Changelog:
* Added source port randomisation to DNS queries
* Ad
Diego d'Ambra wrote:
[...]
I made a little change to DNSBL to ensure it randomize scr port and I
see a major difference.
Maybe latest version of Net::DNS does this (after Dan's widely report
exploit). My box is an older Sarge solution, so others may not see same
issue.
But even with ran
Matt Sergeant wrote:
On Sat, 27 Sep 2008 13:56:58 +0200, Diego d'Ambra wrote:
To me it seems that plugin DNSBL is using Net::DNS bgsend/bgread, but
is not checking the id of the reply received.
If true this means that an attacker can white- or blacklist any email
Thinking more about this - si
On Sat, 27 Sep 2008 20:09:37 -0400, Chris Lewis wrote:
> I've extended the async dnsbl plugin to do scoring. It occured to me a
> few days ago that DNSBLs with negative scores (DNSWLs) should be treated
> as a hit if they get a timeout or other failure. This has prompted me
> to comment about che
Matt Sergeant wrote:
> On Sat, 27 Sep 2008 13:56:58 +0200, Diego d'Ambra wrote:
>> To me it seems that plugin DNSBL is using Net::DNS bgsend/bgread, but
>> is not checking the id of the reply received.
>>
>> If true this means that an attacker can white- or blacklist any email
>
> Thinking more
On Sat, 27 Sep 2008 13:56:58 +0200, Diego d'Ambra wrote:
> To me it seems that plugin DNSBL is using Net::DNS bgsend/bgread, but
> is not checking the id of the reply received.
>
> If true this means that an attacker can white- or blacklist any email
Thinking more about this - since we don't do
Hanno Hecker wrote:
Hi Diego,
On Sat, 27 Sep 2008 10:11:15 -0400
Matt Sergeant <[EMAIL PROTECTED]> wrote:
On Sat, 27 Sep 2008 13:56:58 +0200, Diego d'Ambra wrote:
To me it seems that plugin DNSBL is using Net::DNS bgsend/bgread, but
is not checking the id of the reply received.
[...]
I'm wor
Hi Diego,
On Sat, 27 Sep 2008 10:11:15 -0400
Matt Sergeant <[EMAIL PROTECTED]> wrote:
> On Sat, 27 Sep 2008 13:56:58 +0200, Diego d'Ambra wrote:
> > To me it seems that plugin DNSBL is using Net::DNS bgsend/bgread, but
> > is not checking the id of the reply received.
[...]
> > I'm working on a
On Sat, 27 Sep 2008 13:56:58 +0200, Diego d'Ambra wrote:
> To me it seems that plugin DNSBL is using Net::DNS bgsend/bgread, but
> is not checking the id of the reply received.
>
> If true this means that an attacker can white- or blacklist any email
> by sending fake dns replies (only randomisa
15 matches
Mail list logo
