From 5f5a126a4ec179e91eda61aaaa219ba5ebb553eb Mon Sep 17 00:00:00 2001 From: Marc Dierksen Date: Thu, 5 Oct 2023 19:05:36 +0200 Subject: [PATCH] [Fix] Prevent DNSWL sabotage When exceeding the query limit for DNSWL it can happen that instead of the returncode 127.0.0.255, that according to documentation (https://www.dnswl.org/?page_id=15) indicates a block, the returncode 127.0.10.3 is returned for all queries. According to documentation (https://www.dnswl.org/?page_id=15) the 127.0.10.3 returncode indicates the highest level of trustworthiness that should never be blocked and a category of 'some special cases'. As it turns out that documentation is a lie and that 127.0.10.3 returncode is used by DNSWL to intentionally sabotage email security by marking all sending servers as highly trustworthy (https://www.dnswl.org/?p=120). --- conf/modules.d/rbl.conf | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/conf/modules.d/rbl.conf b/conf/modules.d/rbl.conf index e3ece5a66..c1ef6afaa 100644 --- a/conf/modules.d/rbl.conf +++ b/conf/modules.d/rbl.conf @@ -110,11 +110,11 @@ rbl { whitelist_exception = "RCVD_IN_DNSWL_LOW"; whitelist_exception = "DNSWL_BLOCKED"; returncodes { - RCVD_IN_DNSWL_NONE = "127.0.%d+.0"; - RCVD_IN_DNSWL_LOW = "127.0.%d+.1"; - RCVD_IN_DNSWL_MED = "127.0.%d+.2"; - RCVD_IN_DNSWL_HI = "127.0.%d+.3"; - DNSWL_BLOCKED = "127.0.0.255"; + RCVD_IN_DNSWL_NONE = ["127%.0%.%d%.0", "127%.0%.[02-9]%d%.0", "127%.0%.1[1-9]%.0", "127%.0%.[12]%d%d%.0"]; + RCVD_IN_DNSWL_LOW = ["127%.0%.%d%.1", "127%.0%.[02-9]%d%.1", "127%.0%.1[1-9]%.1", "127%.0%.[12]%d%d%.1"]; + RCVD_IN_DNSWL_MED = ["127%.0%.%d%.2", "127%.0%.[02-9]%d%.2", "127%.0%.1[1-9]%.2", "127%.0%.[12]%d%d%.2"]; + RCVD_IN_DNSWL_HI = ["127%.0%.%d%.3", "127%.0%.[02-9]%d%.3", "127%.0%.1[1-9]%.3", "127%.0%.[12]%d%d%.3"]; + DNSWL_BLOCKED = ["127%.0%.0%.255", "127%.0%.10%.%d+"]; } } @@ -155,11 +155,11 @@ rbl { unknown = false; returncodes { - DWL_DNSWL_NONE = "127.0.%d+.0"; - DWL_DNSWL_LOW = "127.0.%d+.1"; - DWL_DNSWL_MED = "127.0.%d+.2"; - DWL_DNSWL_HI = "127.0.%d+.3"; - DWL_DNSWL_BLOCKED = "127.0.0.255"; + DWL_DNSWL_NONE = ["127%.0%.%d%.0", "127%.0%.[02-9]%d%.0", "127%.0%.1[1-9]%.0", "127%.0%.[12]%d%d%.0"]; + DWL_DNSWL_LOW = ["127%.0%.%d%.1", "127%.0%.[02-9]%d%.1", "127%.0%.1[1-9]%.1", "127%.0%.[12]%d%d%.1"]; + DWL_DNSWL_MED = ["127%.0%.%d%.2", "127%.0%.[02-9]%d%.2", "127%.0%.1[1-9]%.2", "127%.0%.[12]%d%d%.2"]; + DWL_DNSWL_HI = ["127%.0%.%d%.3", "127%.0%.[02-9]%d%.3", "127%.0%.1[1-9]%.3", "127%.0%.[12]%d%d%.3"]; + DWL_DNSWL_BLOCKED = ["127%.0%.0%.255", "127%.0%.10%.%d+"]; } } -- 2.39.5