On 2006-03-14 22:29:33 +0100, Peter J. Holzer wrote: > My expectation was wrong. As Sidney Markowitz in > http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3997#c73 points > out: > > | Net::DNS can't use the ID field to ensure that a bgread matches up with > | a bgsend unless it cached every socket returned by bgsend in order to > | save the ID in a hash with it. > > So the matching has to be done by the application. We don't actually > have to check the ID (although we probably should to avoid spoofed > responses), but we should at least check if the name in the request > matches the name in the query. (currently the name is only extracted to > find out which rbl this was)
Here is a first patch. It checks only if the name(s) in the answer
section match the name(s) in the queries. It doesn't try to match IDs.
I think that is acceptable in this case, as presumably qpsmtpd and the
nameserver are behind the same firewall or even on the same host.
hp
--
_ | Peter J. Holzer | Ich sehe nun ein, dass Computer wenig
|_|_) | Sysadmin WSR | geeignet sind, um sich was zu merken.
| | | [EMAIL PROTECTED] |
__/ | http://www.hjp.at/ | -- Holger Lembke in dan-am
pgpBKIN1FHoCy.pgp
Description: PGP signature
