[Fix] Prevent DNSWL sabotage 4627/head
authorMarc Dierksen <m.dierksen@netcon-consulting.com>
Thu, 5 Oct 2023 17:05:36 +0000 (19:05 +0200)
committerMarc Dierksen <m.dierksen@netcon-consulting.com>
Thu, 5 Oct 2023 17:05:36 +0000 (19:05 +0200)
When exceeding the query limit for DNSWL it can happen that instead
of the returncode 127.0.0.255, that according to documentation
(https://www.dnswl.org/?page_id=15) indicates a block, the
returncode 127.0.10.3 is returned for all queries.

According to documentation (https://www.dnswl.org/?page_id=15) the
127.0.10.3 returncode indicates the highest level of trustworthiness
that should never be blocked and a category of 'some special cases'.

As it turns out that documentation is a lie and that 127.0.10.3
returncode is used by DNSWL to intentionally sabotage email security
by marking all sending servers as highly trustworthy
(https://www.dnswl.org/?p=120).

conf/modules.d/rbl.conf

index e3ece5a66183dbf2c608b3081d4d999149ace0e9..c1ef6afaadc8664465ae4b4b0882ad6725edef24 100644 (file)
@@ -110,11 +110,11 @@ rbl {
       whitelist_exception = "RCVD_IN_DNSWL_LOW";
       whitelist_exception = "DNSWL_BLOCKED";
       returncodes {
-        RCVD_IN_DNSWL_NONE = "127.0.%d+.0";
-        RCVD_IN_DNSWL_LOW = "127.0.%d+.1";
-        RCVD_IN_DNSWL_MED = "127.0.%d+.2";
-        RCVD_IN_DNSWL_HI = "127.0.%d+.3";
-        DNSWL_BLOCKED = "127.0.0.255";
+        RCVD_IN_DNSWL_NONE = ["127%.0%.%d%.0", "127%.0%.[02-9]%d%.0", "127%.0%.1[1-9]%.0", "127%.0%.[12]%d%d%.0"];
+        RCVD_IN_DNSWL_LOW = ["127%.0%.%d%.1", "127%.0%.[02-9]%d%.1", "127%.0%.1[1-9]%.1", "127%.0%.[12]%d%d%.1"];
+        RCVD_IN_DNSWL_MED = ["127%.0%.%d%.2", "127%.0%.[02-9]%d%.2", "127%.0%.1[1-9]%.2", "127%.0%.[12]%d%d%.2"];
+        RCVD_IN_DNSWL_HI = ["127%.0%.%d%.3", "127%.0%.[02-9]%d%.3", "127%.0%.1[1-9]%.3", "127%.0%.[12]%d%d%.3"];
+        DNSWL_BLOCKED = ["127%.0%.0%.255", "127%.0%.10%.%d+"];
       }
     }
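Review bot: `DNSWL_BLOCKED` now matches every `127.0.10.x` answer through `127%.0%.10%.%d+`, while the commit message identifies only `127.0.10.3` as the over-limit reply, so any genuine category-10 listing is reported as blocked too. That is the fail-safe direction for a whitelist, but nothing next to the rule says so, and a later edit could map category 10 back to the trust symbols. I would add above `returncodes` the comment `# 127.0.10.x may be returned for all queries once the DNSWL query limit is exceeded; never map it to a trust level`, plus a second comment noting that the four alternatives per symbol cover third octets 0-9, 00-09/20-99, 11-19 and 100-299, i.e. everything except 10. It also seems worth stating there that a `DNSWL_BLOCKED` hit presumably means the resolver is over quota, so the absence of DNSWL trust symbols on that message says nothing about the sender. The same patterns are repeated for the `DWL_DNSWL_*` symbols in the next hunk and need the same comments; the enclosing `rbl {` block starts outside this hunk.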
 
@@ -155,11 +155,11 @@ rbl {
       unknown = false;
 
       returncodes {
-        DWL_DNSWL_NONE = "127.0.%d+.0";
-        DWL_DNSWL_LOW = "127.0.%d+.1";
-        DWL_DNSWL_MED = "127.0.%d+.2";
-        DWL_DNSWL_HI = "127.0.%d+.3";
-        DWL_DNSWL_BLOCKED = "127.0.0.255";
+        DWL_DNSWL_NONE = ["127%.0%.%d%.0", "127%.0%.[02-9]%d%.0", "127%.0%.1[1-9]%.0", "127%.0%.[12]%d%d%.0"];
+        DWL_DNSWL_LOW = ["127%.0%.%d%.1", "127%.0%.[02-9]%d%.1", "127%.0%.1[1-9]%.1", "127%.0%.[12]%d%d%.1"];
+        DWL_DNSWL_MED = ["127%.0%.%d%.2", "127%.0%.[02-9]%d%.2", "127%.0%.1[1-9]%.2", "127%.0%.[12]%d%d%.2"];
+        DWL_DNSWL_HI = ["127%.0%.%d%.3", "127%.0%.[02-9]%d%.3", "127%.0%.1[1-9]%.3", "127%.0%.[12]%d%d%.3"];
+        DWL_DNSWL_BLOCKED = ["127%.0%.0%.255", "127%.0%.10%.%d+"];
       }
     }