Mailing List Archive

[Bug 2631] New: Option to restrict dnslists to specific networks and log a warning if they return IP addresses outside this range
https://bugs.exim.org/show_bug.cgi?id=2631

Bug ID: 2631
Summary: Option to restrict dnslists to specific networks and log a warning if they return IP addresses outside this range
Product: Exim
Version: N/A
Hardware: All
OS: All
Status: NEW
Severity: wishlist
Priority: medium
Component: ACLs
Assignee: jgh146exb@wizmail.org
Reporter: bugzilla.exim.simon@arlott.org
CC: exim-dev@exim.org

If a dnslist domain expires and is registered by someone else that puts a
wildcard record in pointing at a webserver, it starts returning IP addresses
outside of 127.0.0.0/8.

It would be useful if Exim could log a warning when this happens and ignore all
results for that dnslist lookup.

An address list configuration option would be the most flexible way to do this
because 127.0.0.0 and 172.0.0.1 could be prohibited too if they are never used
by any dnslists.

It is possible to use "&127.0.0.0" but this allows 255.0.0.0/8 too and doesn't
inform the server operator that the dnslist is returning invalid responses. For
that reason the check must be applied before any other filtering specified in
the ACL entry itself.
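
The check requested above, as an added sketch that is not part of the original report and not Exim code: it models the "&127.0.0.0" test as "every bit of the mask is set in the returned address" (an assumption consistent with the 255.0.0.0/8 remark) and contrasts it with a range check that runs first. The function names, the `allowed`/`denied` parameters and the sample domain and addresses are hypothetical and constructed for illustration.

```python
import ipaddress
import logging

log = logging.getLogger("dnslist_check")


def bitmask_match(returned, mask):
    """Model of the '&mask' test: true when every bit of mask is set in returned."""
    r = int(ipaddress.IPv4Address(returned))
    m = int(ipaddress.IPv4Address(mask))
    return (r & m) == m


def filter_dnslist_result(domain, returned, allowed, denied=()):
    """Range check applied before any ACL-level '=' or '&' filtering.

    Returns the addresses unchanged when all of them are acceptable. If any
    address falls outside `allowed` or inside `denied`, logs a warning and
    returns [] so the whole lookup is ignored.
    """
    allow = [ipaddress.ip_network(n) for n in allowed]
    deny = [ipaddress.ip_network(n) for n in denied]
    for text in returned:
        addr = ipaddress.ip_address(text)
        in_range = any(addr in n for n in allow) and not any(addr in n for n in deny)
        if not in_range:
            log.warning("dnslist %s returned %s outside the permitted range; "
                        "ignoring all results for this lookup", domain, addr)
            return []
    return list(returned)


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    zone = "dnsbl.example.invalid"            # constructed list domain
    # The bitmask alone accepts 255.0.0.0/8 as well as 127.0.0.0/8.
    print(bitmask_match("127.0.0.2", "127.0.0.0"), bitmask_match("255.1.2.3", "127.0.0.0"))
    # A normal answer passes; a wildcard pointing at a web server is dropped.
    print(filter_dnslist_result(zone, ["127.0.0.2"], ["127.0.0.0/8"]))
    print(filter_dnslist_result(zone, ["203.0.113.10"], ["127.0.0.0/8"]))
```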
