Matt Sergeant wrote:
> On Sat, 27 Sep 2008 13:56:58 +0200, Diego d'Ambra wrote:
>> To me it seems that plugin DNSBL is using Net::DNS bgsend/bgread, but
>> is not checking the id of the reply received.
>>
>> If true this means that an attacker can white- or blacklist any email
>
> Thinking more about this - since we don't do any "dnswl" type stuff, it
> doesn't seem that relevant.
>
> All the attacker can do is blacklist more emails, which given the
> timings surely he can only blacklist his own emails?
>
> Just a thought - wondering if this really needs to be fixed.


I made a little change to DNSBL to ensure it randomizes the src port and I see a major difference.

---snip---
my $res = Net::DNS::Resolver->new;
$res->tcp_timeout(30);
$res->udp_timeout(30);
# use a random unprivileged source port (1024..65534) for this resolver
$res->srcport(1024+int(rand(64511)));
---snip---

Anyway, the worst is maybe that with the current solution, results are very wrong - e.g. blacklisting a sender that shouldn't be, but is, because there is no checking of received DNS replies. The busier your server is, the more it happens - on a server handling around 2 million SMTP sessions per day, I see blacklisting of a "valid" sender about every 30 seconds.

I vote for a fix :-)

Best regards,
Diego d'Ambra
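
The reply check discussed in this thread, as an added example that is not part of the original message or of the plugin's own code: a reply is accepted only when its transaction id and question match the query that was sent. The function name `reply_matches_query`, the zone `dnsbl.example`, the addresses and the ids are constructed for illustration; in a plugin the query would be the packet handed to `bgsend` and the reply the packet returned by `bgread`.

```perl
use strict;
use warnings;
use Net::DNS;

# Accept a reply only if it answers the query we actually sent:
# QR bit set, same transaction id, and an identical question.
# (Hypothetical helper, not taken from the DNSBL plugin.)
sub reply_matches_query {
    my ($query, $reply) = @_;
    return 0 unless $reply && $reply->header->qr;
    return 0 unless $reply->header->id == $query->header->id;
    my ($q) = $query->question;
    my ($r) = $reply->question;
    return 0 unless $q && $r;
    return lc($q->qname) eq lc($r->qname)
        && $q->qtype  eq $r->qtype
        && $q->qclass eq $r->qclass ? 1 : 0;
}

# Constructed sample data: two DNSBL lookups in flight at the same time.
my $query_a = Net::DNS::Packet->new('2.0.0.127.dnsbl.example', 'A');
my $query_b = Net::DNS::Packet->new('10.113.0.203.dnsbl.example', 'A');
$query_a->header->id(0x1a2b);
$query_b->header->id(0x3c4d);

# Constructed reply to query A, carrying a "listed" answer.
my $reply_a = Net::DNS::Packet->new('2.0.0.127.dnsbl.example', 'A');
$reply_a->header->id(0x1a2b);
$reply_a->header->qr(1);
$reply_a->push(answer =>
    Net::DNS::RR->new('2.0.0.127.dnsbl.example. 300 IN A 127.0.0.2'));

# The same reply must be accepted for query A and discarded for query B;
# without the check, sender B would inherit A's blacklist result.
for my $case ([A => $query_a], [B => $query_b]) {
    my ($name, $query) = @$case;
    printf "reply_a vs query %s: %s\n", $name,
        reply_matches_query($query, $reply_a) ? 'accept' : 'discard';
}
```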
