/[smeserver]/rpms/qpsmtpd/sme8/0021-ignore-search-path-in-DNS-lookups.patch
ViewVC logotype

Annotation of /rpms/qpsmtpd/sme8/0021-ignore-search-path-in-DNS-lookups.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Sun Nov 14 20:50:20 2010 UTC (14 years ago) by slords
Branch: MAIN
CVS Tags: qpsmtpd-0_84-3_el5_sme, qpsmtpd-0_84-6_el5_sme, qpsmtpd-0_84-2_el5_sme, qpsmtpd-0_84-5_el5_sme, qpsmtpd-0_84-8_el5_sme, qpsmtpd-0_84-9_el5_sme, qpsmtpd-0_84-4_el5_sme, qpsmtpd-0_84-7_el5_sme, HEAD
* Sun Nov 14 2010 <slords@mail.com> 0.84-2.sme
- Sync with upstream git repo.
- Fix require_resolvable_fromhost doesn't work [SME: 6369]
- Fix TLS security defaults [SME: 6366]
- Fix fatal errors when mail has no headers [SME: 6345]

1 slords 1.1 From 803a320127f372fa1b6333155da7134a8efef619 Mon Sep 17 00:00:00 2001
2     From: Robert <rspier@pobox.com>
3     Date: Sun, 25 Jul 2010 21:44:02 -0700
4     Subject: ignore search path in DNS lookups
5    
6     2. If the name doesn't end in a dot then append each item in the search list to the name.
7     This is only done if dnsrch is true.
8    
9     triggered by..
10    
11     From: Charlie Brady <charlieb-qpsmtpd@budge.apana.org.au>
12     Subject: [BUG] Default search path used in require_resolvable_fromhost
13     Date: Sat, 17 Jul 2010 16:24:42 -0400 (EDT)
14     Message-ID:
15     <Pine.LNX.4.64.1007171623040.17109@e-smith.charlieb.ott.istop.com>
16    
17     http://bugs.contribs.org/show_bug.cgi?id=5808
18    
19     Jesper Knudsen 2010-03-01 01:29:10 MST
20    
21     When using the require_resolvable_fromhost plugin for qpsmtpd I noticed
22     that mails from user@localhost.localdomain was actually getting through
23     this filter. I finally found out that the plugin has a bug that causes it
24     to insert default search path if it cannot find the domain. This means in
25     my case that localhost.localdomain was then tried resolved as
26     localhost.localdomain.swerts-knudsen.dk and since I have a wilcard CNAME
27     was resolved as my public IP.
28    
29     Since this plugin is only enabled for public interface the fix is to set
30     the "dnsrch" flag when creating the Net::DNS object.
31    
32     In require_resolvable_fromhost:
33     my $res = Net::DNS::Resolver->new (
34     dnsrch => 0
35     );
36     ---
37     Changes | 2 ++
38     plugins/require_resolvable_fromhost | 4 ++--
39     2 files changed, 4 insertions(+), 2 deletions(-)
40    
41     diff --git a/Changes b/Changes
42     index 49452cd..a864b4f 100644
43     --- a/Changes
44     +++ b/Changes
45     @@ -1,6 +1,8 @@
46    
47     Next Version
48    
49     + require_resolvable_fromhost ignores DNS search path (i.e. it expects fully resolved domains) (Robert Spier, Charlie Brady)
50     +
51     new plugin auth_vpopmaild (Robin Bowes)
52    
53     new plugin auth_checkpassword (Matt Simerson)
54     diff --git a/plugins/require_resolvable_fromhost b/plugins/require_resolvable_fromhost
55     index a949460..e9e2a91 100644
56     --- a/plugins/require_resolvable_fromhost
57     +++ b/plugins/require_resolvable_fromhost
58     @@ -58,7 +58,7 @@ sub check_dns {
59    
60     return 1 if $host =~ m/^\[(\d{1,3}\.){3}\d{1,3}\]$/;
61    
62     - my $res = new Net::DNS::Resolver;
63     + my $res = new Net::DNS::Resolver(dnsrch => 0);
64     $res->tcp_timeout(30);
65     $res->udp_timeout(30);
66     my @mx = mx($res, $host);
67     @@ -116,7 +116,7 @@ sub is_valid {
68    
69     sub mx_valid {
70     my ($self, $name, $host) = @_;
71     - my $res = new Net::DNS::Resolver;
72     + my $res = new Net::DNS::Resolver(dnsrch => 0);
73     # IP in MX
74     return is_valid($name) if ip_is_ipv4($name) or ip_is_ipv6($name);
75    
76     --
77     1.7.2.2
78    

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed