Edgewall Software

Opened 10 years ago

Closed 10 years ago

#7627 closed defect (fixed)

IPBlacklistFilterStrategy not properly querying the DNS RBLs

Reported by: testnutzer123@… Owned by: Jonas Borgström
Priority: highest Milestone:
Component: plugin/spamfilter Version:
Severity: normal Keywords:
Release Notes:
API Changes:


The spam filter IPBlacklistFilterStrategy queries doesn't finalize the dns names to query properly and therefore does only relative lookups.

It queries, for exmaple, for '' when it should be querying for ''

Although this works most of the times it will not if the resolver has zones configured to query for relative lookup in case absolute lookups doesn't yield anything. And one of those zones suddenly starts resolving wildcard.

Suppose you got:

  • and a resolv.conf like
    domain example.org
    search example.org example.com
  • And example.com will start to resolve wildcard.

Internally queries will be:

  • A ←- OOPS

Hence sandbox/spam-filter/tracspamfilter/filters/ip_blacklist.py@4111#L55 must be modified to:

  • either
    query(prefix + server.encode('utf-8') + '.')
  • or better
    from dns.name import from_text
    query(from_text(prefix + server.encode('utf-8')))

This bug is particularly bad as it might bite you in the arse all of a sudden when some infrastructure changes that you might not have under control.

Attachments (0)

Change History (2)

comment:1 Changed 10 years ago by Jonas Borgström

Owner: set to Jonas Borgström

comment:2 Changed 10 years ago by Jonas Borgström

Resolution: fixed
Status: newclosed

Fixed in [7539], thanks.

Modify Ticket

Change Properties
Set your email in Preferences
as closed The owner will remain Jonas Borgström.
The resolution will be deleted.
to The owner will be changed from Jonas Borgström to the specified user.

Add Comment

E-mail address and name can be saved in the Preferences .
Note: See TracTickets for help on using tickets.