Author: sidney
Date: Sat Mar 9 05:09:26 2024
New Revision: 1916193
URL: http://svn.apache.org/viewvc?rev=1916193&view=rev
Log:
bug 8225 - Use Net::DNS::Resolver for TCP fallback for truncated DNS UDP replies
Modified:
spamassassin/trunk/lib/Mail/SpamAssassin/DnsResolver.pm
spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/SPF.pm
spamassassin/trunk/t/askdns.t
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/DnsResolver.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/DnsResolver.pm?rev=1916193&r1=1916192&r2=1916193&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/DnsResolver.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/DnsResolver.pm Sat Mar 9 05:09:26 2024
@@ -837,6 +837,30 @@ sub poll_responses {
info("dns: bad dns reply: %s", $eval_stat);
};
+ # bug 8225 - Do TCP fallback when UDP reply packet is too long, by retrying using Net::DNS::Resolver bgsend and bgread
+ my ($id, $packet_id);
+ if ($packet && $packet->header) {
+ my $header = $packet->header;
+ $packet_id = $header->id; # set these here in case we need to retry for TCP fallback
+ $id = $self->_packet_id($packet); # which will change $packet to a different class object
+ if ($header->rcode eq 'NOERROR' && $header->tc) {
+ # Use original Resolver which can handle TCP fallback, but keep id from the custom packet
+ my (undef, $qclass, $qtype, $qname) = split('/', $id);
+ dbg("dns: TCP fallback retry with %s, %s, %s", $qname, $qtype, $qclass);
+ my $orig_resolver = $self->{main}->{resolver}->get_resolver();
+ eval {
+ my $handle = $orig_resolver->bgsend($qname, $qtype, $qclass);
+ $packet = $orig_resolver->bgread($handle);
+ } or do {
+ undef $packet;
+ my $eval_stat = $@ ne '' ? $@ : "errno=$!"; chomp $eval_stat;
+ # resignal if alarm went off
+ die $eval_stat if $eval_stat =~ /__alarm__ignore__\(.*\)/s;
+ info("dns: bad dns tcp fallback reply: %s", $eval_stat);
+ };
+ }
+ }
+
if (!$packet) {
# error already reported above
# my $dns_err = $self->{res}->errorstring;
@@ -848,9 +872,6 @@ sub poll_responses {
info("dns: dns reply is missing a header section");
} else {
my $rcode = $header->rcode;
- my $packet_id = $header->id;
- my $id = $self->_packet_id($packet);
-
if ($rcode eq 'NOERROR') { # success
# NOERROR, may or may not have answer records
dbg("dns: dns reply %s is OK, %d answer records",
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/SPF.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/SPF.pm?rev=1916193&r1=1916192&r2=1916193&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/SPF.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/SPF.pm Sat Mar 9 05:09:26 2024
@@ -569,7 +569,7 @@ sub _check_spf {
# Mail::SPF::Server can be re-used, and we get to use our own resolver object!
$self->{spf_server} = Mail::SPF::Server->new(
hostname => $scanner->get_tag('HOSTNAME'),
- dns_resolver => $self->{main}->{resolver}->get_resolver(),
+ dns_resolver => $self->{main}->{resolver},
max_dns_interactive_terms => 20);
# Bug 7112: max_dns_interactive_terms defaults to 10, but even 14 is
# not enough for ebay.com, setting it to 15 NOTE: raising to 20 per bug 7182
Modified: spamassassin/trunk/t/askdns.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/askdns.t?rev=1916193&r1=1916192&r2=1916193&view=diff
==============================================================================
--- spamassassin/trunk/t/askdns.t (original)
+++ spamassassin/trunk/t/askdns.t Sat Mar 9 05:09:26 2024
@@ -13,7 +13,7 @@ use Test::More;
plan skip_all => "Net tests disabled" unless conf_bool('run_net_tests');
plan skip_all => "Can't use Net::DNS Safely" unless can_use_net_dns_safely();
-my $tests = 3;
+my $tests = 6;
$tests += 4 if (HAS_DKIM_VERIFIER);
plan tests => $tests;
@@ -55,5 +55,16 @@ tstlocalrules(q{
);
ok sarun ("-t -D < data/nice/001 2>&1", \&patterns_run_cb);
ok_all_patterns();
+clear_pattern_counters();
+
+tstlocalrules(q{
+ askdns ASKDNS_TXT_SPF2 txttcp.spamassassin.org TXT /^v=spf1 include:dnsbltest.spamassassin.org -all$/
+});
+%patterns = (
+ q{ ASKDNS_TXT_SPF2 } => 'ASKDNS_TXT_SPF2',
+ '[txttcp.spamassassin.org TXT:v=spf1]' => 'ASKDNS_TXT_SPF2_LOG',
+);
+ok sarun ("-t -D < data/nice/001 2>&1", \&patterns_run_cb);
+ok_all_patterns();
clear_pattern_counters();
Date: Sat Mar 9 05:09:26 2024
New Revision: 1916193
URL: http://svn.apache.org/viewvc?rev=1916193&view=rev
Log:
bug 8225 - Use Net::DNS::Resolver for TCP fallback for truncated DNS UDP replies
Modified:
spamassassin/trunk/lib/Mail/SpamAssassin/DnsResolver.pm
spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/SPF.pm
spamassassin/trunk/t/askdns.t
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/DnsResolver.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/DnsResolver.pm?rev=1916193&r1=1916192&r2=1916193&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/DnsResolver.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/DnsResolver.pm Sat Mar 9 05:09:26 2024
@@ -837,6 +837,30 @@ sub poll_responses {
info("dns: bad dns reply: %s", $eval_stat);
};
+ # bug 8225 - Do TCP fallback when UDP reply packet is too long, by retrying using Net::DNS::Resolver bgsend and bgread
+ my ($id, $packet_id);
+ if ($packet && $packet->header) {
+ my $header = $packet->header;
+ $packet_id = $header->id; # set these here in case we need to retry for TCP fallback
+ $id = $self->_packet_id($packet); # which will change $packet to a different class object
+ if ($header->rcode eq 'NOERROR' && $header->tc) {
+ # Use original Resolver which can handle TCP fallback, but keep id from the custom packet
+ my (undef, $qclass, $qtype, $qname) = split('/', $id);
+ dbg("dns: TCP fallback retry with %s, %s, %s", $qname, $qtype, $qclass);
+ my $orig_resolver = $self->{main}->{resolver}->get_resolver();
+ eval {
+ my $handle = $orig_resolver->bgsend($qname, $qtype, $qclass);
+ $packet = $orig_resolver->bgread($handle);
+ } or do {
+ undef $packet;
+ my $eval_stat = $@ ne '' ? $@ : "errno=$!"; chomp $eval_stat;
+ # resignal if alarm went off
+ die $eval_stat if $eval_stat =~ /__alarm__ignore__\(.*\)/s;
+ info("dns: bad dns tcp fallback reply: %s", $eval_stat);
+ };
+ }
+ }
+
if (!$packet) {
# error already reported above
# my $dns_err = $self->{res}->errorstring;
@@ -848,9 +872,6 @@ sub poll_responses {
info("dns: dns reply is missing a header section");
} else {
my $rcode = $header->rcode;
- my $packet_id = $header->id;
- my $id = $self->_packet_id($packet);
-
if ($rcode eq 'NOERROR') { # success
# NOERROR, may or may not have answer records
dbg("dns: dns reply %s is OK, %d answer records",
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/SPF.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/SPF.pm?rev=1916193&r1=1916192&r2=1916193&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/SPF.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/SPF.pm Sat Mar 9 05:09:26 2024
@@ -569,7 +569,7 @@ sub _check_spf {
# Mail::SPF::Server can be re-used, and we get to use our own resolver object!
$self->{spf_server} = Mail::SPF::Server->new(
hostname => $scanner->get_tag('HOSTNAME'),
- dns_resolver => $self->{main}->{resolver}->get_resolver(),
+ dns_resolver => $self->{main}->{resolver},
max_dns_interactive_terms => 20);
# Bug 7112: max_dns_interactive_terms defaults to 10, but even 14 is
# not enough for ebay.com, setting it to 15 NOTE: raising to 20 per bug 7182
Modified: spamassassin/trunk/t/askdns.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/askdns.t?rev=1916193&r1=1916192&r2=1916193&view=diff
==============================================================================
--- spamassassin/trunk/t/askdns.t (original)
+++ spamassassin/trunk/t/askdns.t Sat Mar 9 05:09:26 2024
@@ -13,7 +13,7 @@ use Test::More;
plan skip_all => "Net tests disabled" unless conf_bool('run_net_tests');
plan skip_all => "Can't use Net::DNS Safely" unless can_use_net_dns_safely();
-my $tests = 3;
+my $tests = 6;
$tests += 4 if (HAS_DKIM_VERIFIER);
plan tests => $tests;
@@ -55,5 +55,16 @@ tstlocalrules(q{
);
ok sarun ("-t -D < data/nice/001 2>&1", \&patterns_run_cb);
ok_all_patterns();
+clear_pattern_counters();
+
+tstlocalrules(q{
+ askdns ASKDNS_TXT_SPF2 txttcp.spamassassin.org TXT /^v=spf1 include:dnsbltest.spamassassin.org -all$/
+});
+%patterns = (
+ q{ ASKDNS_TXT_SPF2 } => 'ASKDNS_TXT_SPF2',
+ '[txttcp.spamassassin.org TXT:v=spf1]' => 'ASKDNS_TXT_SPF2_LOG',
+);
+ok sarun ("-t -D < data/nice/001 2>&1", \&patterns_run_cb);
+ok_all_patterns();
clear_pattern_counters();