Mailing List Archive

[Bug 2631] Option to restrict dnslists to specific networks and log a warning if they return IP addresses outside this range
https://bugs.exim.org/show_bug.cgi?id=2631

--- Comment #11 from Simon Arlott <bugzilla.exim.simon@arlott.org> ---
(In reply to Jeremy Harris from comment #4)
> Decided to go with a hardwired check for 127.0.0.0/8 - there doesn't seem to
> be need for making it configurable at this time.

It needs to be possible to consider these codes as errors too:
https://www.spamhaus.org/news/article/807/using-our-public-mirrors-check-your-return-codes-now

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

--- Comment #12 from Jeremy Harris <jgh146exb@wizmail.org> ---
zen.spamhaus.org!&0.255.255.0 does that.

--- Comment #13 from Simon Arlott <bugzilla.exim.simon@arlott.org> ---
No it doesn't.

That will not generate the appropriate error message in the log when those
responses are returned.

--- Comment #14 from Jeremy Harris <jgh146exb@wizmail.org> ---
You didn't say you wanted that.

sndr_notin_dnslist:
  accept !dnslist = zen.spamhaus.org
  accept condition = ${if eq {$dnslist_value}{127.255.255.252}}
         logwrite = Typing error in DNSBL Name
  accept condition = ${if eq {$dnslist_value}{127.255.255.254}}
         logwrite = Query via public/open resolver/generic unattributable rDNS
  accept condition = ${if eq {$dnslist_value}{127.255.255.255}}
         logwrite = Excessive Number of Queries
  deny

acl_chk_mail:
  ...
  require acl = sndr_notin_dnslist
  ...

--- Comment #15 from Simon Arlott <bugzilla.exim.simon@arlott.org> ---
That's great but the entire point of this feature request is for Exim to do it
automatically without that level of complexity in the ACL.

I did suggest it should be configurable, and Exim supports address lists that
would make that trivial to implement.

--- Comment #16 from Simon Arlott <bugzilla.exim.simon@arlott.org> ---
(In reply to Jeremy Harris from comment #14)
> accept condition = ${if eq {$dnslist_value}{127.255.255.252}}

Note that this doesn't work if there is more than one A record returned: "If
more than one address record is returned by the DNS lookup, all the IP
addresses are included in $dnslist_value, separated by commas and spaces."

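Added example, not part of the thread and not Exim's code: a Python sketch of the check the thread asks for, splitting a multi-address $dnslist_value as comment #16 describes and treating the three return codes from comment #14, and anything outside 127.0.0.0/8, as errors rather than listings. The function name, verdict labels and sample values are assumptions made for illustration.

```python
import ipaddress

# Return codes and log texts taken from the ACL in comment #14.
SPAMHAUS_ERRORS = {
    "127.255.255.252": "Typing error in DNSBL Name",
    "127.255.255.254": "Query via public/open resolver/generic unattributable rDNS",
    "127.255.255.255": "Excessive Number of Queries",
}
VALID_NET = ipaddress.ip_network("127.0.0.0/8")  # hardwired range from comment #4


def classify_dnslist_value(value):
    """Classify a $dnslist_value string (addresses separated by ", ").

    Returns (verdict, log_messages); verdict is "listed", "error" or
    "invalid" (hypothetical labels). An error code or out-of-range answer
    always wins over a listing, so a failed lookup is never a positive hit.
    """
    addrs = [a.strip() for a in value.split(",") if a.strip()]
    if not addrs:
        return "invalid", ["empty dnslist value"]
    verdict, logs = "listed", []
    for a in addrs:
        try:
            ip = ipaddress.ip_address(a)
        except ValueError:
            verdict = "invalid"
            logs.append(f"unparseable address {a!r}")
            continue
        if ip not in VALID_NET:
            verdict = "invalid"
            logs.append(f"{ip} is outside {VALID_NET}")
        elif str(ip) in SPAMHAUS_ERRORS:
            if verdict != "invalid":
                verdict = "error"
            logs.append(f"{ip}: {SPAMHAUS_ERRORS[str(ip)]}")
    return verdict, logs


if __name__ == "__main__":
    # Constructed sample values, not real lookup results.
    for sample in ("127.0.0.2",
                   "127.0.0.2, 127.255.255.254",   # multi-record case, comment #16
                   "192.0.2.1"):
        print(sample, "->", classify_dnslist_value(sample))
```

The second sample is the case a plain string `eq` against a single address misses: the error code arrives alongside another record.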