http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5563
Summary: 17 of the RDNS_DYNAMIC rules use order-dependent fields
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P5
Component: Rules
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
The rules in 20_dynrdns.cf look for dynamic-like RDNS patterns in the last
untrusted relay, excluding clients that have autenticated with SMTP+AUTH. This
is typically implemented like:
header __RDNS_DYNAMIC_IPADDR X-Spam-Relays-Untrusted =~ /^[^\]]+
rdns=[a-z]\S*\d+[^\d\s]\d+[^\d\s]\d+[^\d\s]\d+[^\d\s][^\.]*\.\S+\.\S+[^\]]+
auth= /i
'^[^\]]+ ' ensures that the regex can only match the first untrusted relay.
'[^\]]+ auth= /' ensures that the first untrusted relay did not use SMTP+AUTH.
However, this second part is wrong. According to Justin Mason, "the format of
X-Spam-Relays-Untrusted explicitly defines that consumers should not assume a
specific order of items."
[ ip=81.30.186.139 rdns=pptp-81-30-186-139.ufanet.ru
helo=pptp-81-30-186-139.ufanet.ru by=triscuit.stern.ca ident= envfrom= intl=0
id=l6HAgHqw011726 auth= msa=0 ]
We could fix this using something similar to .*, except that it is both slow and
still doesn't solve the problem (what if auth precedes rdns?). A much better
solution that Justin and I have come up with is as follows:
Remove '[^\]] auth= ' from the end of all of the RDNS regexes. Some of these
were missing already. Whoops! Add the following sub-rule:
header __LAST_UNTRUSTED_RELAY_NO_AUTH X-Spam-Relays-Untrusted =~ /^[^\]]+ auth=
/
Modify the big meta rule:
meta RDNS_DYNAMIC (__LAST_UNTRUSTED_RELAY_NO_AUTH && (*old RDNS_DYNAMIC
rule*))
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
