]> source.dussan.org Git - rspamd.git/commit
projects / rspamd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5532e26) | patch
[Fix] Prevent DNSWL sabotage 4627/head
authorMarc Dierksen <m.dierksen@netcon-consulting.com>
Thu, 5 Oct 2023 17:05:36 +0000 (19:05 +0200)
committerMarc Dierksen <m.dierksen@netcon-consulting.com>
Thu, 5 Oct 2023 17:05:36 +0000 (19:05 +0200)
commit5f5a126a4ec179e91eda61aaaa219ba5ebb553eb
tree83c9ca347927e1550bb3b9cc631f44daf3f75e3etree | snapshot
parent5532e265c06649cd56839bd23f64f8d8dccb9018commit | diff
[Fix] Prevent DNSWL sabotage

When exceeding the query limit for DNSWL it can happen that instead
of the returncode 127.0.0.255, that according to documentation
(https://www.dnswl.org/?page_id=15) indicates a block, the
returncode 127.0.10.3 is returned for all queries.

According to documentation (https://www.dnswl.org/?page_id=15) the
127.0.10.3 returncode indicates the highest level of trustworthiness
that should never be blocked and a category of 'some special cases'.

As it turns out that documentation is a lie and that 127.0.10.3
returncode is used by DNSWL to intentionally sabotage email security
by marking all sending servers as highly trustworthy
(https://www.dnswl.org/?p=120).
conf/modules.d/rbl.conf diff | blob | history
Rapid spam filtering system: https://github.com/rspamd/rspamd