Re: [Assp-test] [bug] DoIPinHelo catches also whitelisted

Thu, 11 Dec 2014 00:42:27 -0800 

There is such whitelisting bug when using DoInvalidFormatHelo. I did
use it to recreate DoIPinHelo functionality and disabled DoIPinHelo,
so I managed to walk around this bug for now.

2014-12-11 6:58 GMT+01:00 krz...@gmail.com <krz...@gmail.com>:
> DoFakedWL = 1
>
> Dec-05-14 10:33:26 72006-2995428 [Worker_2] 178.32.201.69
> <sen...@domain.com> info: found message size announcement: 1.59 kByte
> Dec-05-14 10:33:26 72006-2995428 [Worker_2] 178.32.201.69
> <sen...@domain.com> Message-Score: added 150 (fiphValencePB) for
> Suspicious HELO - contains IP: '171-32-201-69.ovh.net', total score
> for this message is now 150
> Dec-05-14 10:33:26 [Worker_2] sen...@domain.com,recipi...@mydomain.com
> matches sen...@domain.com,recipi...@mydomain.com in whiteListedDomain
> Dec-05-14 10:33:26 72006-2995428 [Worker_2] 178.32.201.69
> <sen...@domain.com> [scoring] (Suspicious HELO - contains IP:
> '172-32-201-69.ovh.net')
> Dec-05-14 10:33:26 72006-2995428 [Worker_2] [MessageLimit]
> 172.32.201.69 <sen...@domain.com> to: recipi...@mydomain.com [spam
> found] (MessageScore 150, limit 50) [Kolejny test];
>
> DoIPinHelo catches also whitelisted in both cases:
> 1) whitelisted as sen...@domain.com
> 2) whitelisted as sen...@domain.com => recipi...@mydomain.com
> (personal whitelist)
>
> There is a bug somewhere in the code:
>
> sub IPinHeloOK_Run {
> ...
>     return 1 if $DoFakedWL && &Whitelist($this->{mailfrom});
>
>
> this code does not work at all and even if it would it does not pass
> $this{rcpt} to function Whitelist (so personal whitelist would not
> work).
>
> when I've changed this to
>     return 1 if $this->{whitelisted}  && $DoFakedWL;
>
> whitelisting did work but not for personal whitelists.
>
>
>
> another bug is that sub validHeloOK Run uses old whitelisting method
> without handling for personal whitelists:
>     return 1 if $this->{whitelisted}  && !$DoHeloWL;

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Reply via email to