rbl.lua: Try harder to avoid invalid DNS lookups

author Andrew Lewis <nerf@judo.za.org>

Fri, 13 Feb 2015 09:23:06 +0000 (11:23 +0200)

committer Andrew Lewis <nerf@judo.za.org>

Fri, 13 Feb 2015 09:42:38 +0000 (11:42 +0200)
author Andrew Lewis <nerf@judo.za.org>
Fri, 13 Feb 2015 09:23:06 +0000 (11:23 +0200)
committer Andrew Lewis <nerf@judo.za.org>
Fri, 13 Feb 2015 09:42:38 +0000 (11:42 +0200)
diff --git a/src/plugins/lua/rbl.lua b/src/plugins/lua/rbl.lua

index f89055f2690068ed70f7f7ec826ec229c2e6209a..bb0732820855fecc276acd791cfa1d2692a3f130 100644 (file)
--- a/src/plugins/lua/rbl.lua
+++ b/src/plugins/lua/rbl.lua
@@ -2,6 +2,19 @@ local rbls = {}
  
  local rspamd_logger = require "rspamd_logger"
  
+local function validate_dns(lstr, rstr)
+  if (lstr:len() + rstr:len()) > 252 then
+    return false
+  end
+  for v in lstr:gmatch("[^%.]+") do
+    if not v:match("^[%w%.-]+$") or v:len() > 63
+      or v:match("^-") or v:match("-$") then
+      return false
+    end
+  end
+  return true
+end
+
  local function ip_to_rbl(ip, rbl)
    return table.concat(ip:inversed_str_octets(), ".") .. '.' .. rbl
  end
@@ -82,7 +95,8 @@ local function rbl_cb (task)
           end
           if not havegot['helo'] then
             havegot['helo'] = task:get_helo()
-           if havegot['helo'] == nil or string.sub(havegot['helo'],1,1) == '[' then
+           if havegot['helo'] == nil or
+              not validate_dns(havegot['helo'], rbl['rbl']) then
               notgot['helo'] = true
               return
             end
author	Andrew Lewis <nerf@judo.za.org>
	Fri, 13 Feb 2015 09:23:06 +0000 (11:23 +0200)
committer	Andrew Lewis <nerf@judo.za.org>
	Fri, 13 Feb 2015 09:42:38 +0000 (11:42 +0200)