Re: IADB, 70_iadb.cf and multiple A records returned
On Sat, 2007-02-10 at 00:00 -0500, Theo Van Dinter wrote: O If the last one is true, is the ^ $ really necessary? [...] If it really is a RE, what preventes '127.0.0.1' to not match 127.0.0.10? Or 127.1.0.1 to not match 127.120.1.1 ? You answered your own question. :) Ok, this answers the first one. This also implies that the sub-test values is always a RE and needs to be proper delimeted. So, in the following cases: header RCVD_IN_SBLeval:check_rbl_sub('sblxbl', '127.0.0.2') header RCVD_IN_MAPS_RSS eval:check_rbl_sub('rblplus', '4') (the last one is really commented out) If spamhaus decides expand the ruturn code and 127.0.0.20 becomes valid for something like this ip has an opt-in list, this rule would be broken, right? (sure, we dont expect this change to happen). -Raul Dias
Re: IADB, 70_iadb.cf and multiple A records returned
On Sat, Feb 10, 2007 at 10:09:35AM -0300, Raul Dias wrote: This also implies that the sub-test values is always a RE and needs to be proper delimeted. If you read perldoc Mail::SpamAssassin::Conf, specifically the check_rbl_sub() section, it'll explain what the subtests can be. It can be several things, including an RE. -- Randomly Selected Tagline: No, I'm not interested in developing a powerful brain. All I'm after is just a mediocre brain, something like the president of American Telephone and Telegraph Company. -- Alan Turing on the possibilities of a thinking machine, 1943. pgp6716N0MiyG.pgp Description: PGP signature
Re: IADB, 70_iadb.cf and multiple A records returned
On Sat, 2007-02-10 at 16:53 -0500, Theo Van Dinter wrote: On Sat, Feb 10, 2007 at 10:09:35AM -0300, Raul Dias wrote: This also implies that the sub-test values is always a RE and needs to be proper delimeted. If you read perldoc Mail::SpamAssassin::Conf, specifically the check_rbl_sub() section, it'll explain what the subtests can be. It can be several things, including an RE. Yes, I read that. The question is what makes it a RE if not the delimiter? As we discussed earlier the ^ $ is necessary to avoid matching other numbers, which will only be possible if the value is a RE. So: 1 - '^127.0.0.1$' matches only 127.0.0.1 and thats a RE. 2 - '127.0.0.1' might match 127.0.0.12 (if it is considered an RE). If 2 is false, than 1 is unecessary, right? -Raul Dias
IADB, 70_iadb.cf and multiple A records returned
Looking at the IADB page: http://www.isipp.com/iadbcodes.php , it says: ... When queried, the IADB will return one or more A records for any site which is listed in the IADB ... Now looking at the 70_iadb.cf file from sa-update, most rules are like this: eval:check_rbl_sub('iadb-firsttrusted', '^127.2.255.1$') Doesn't this prevents the test if more than one A record is returned (^ and $)?? Or each check_rbl_sub is called for each A record returned?? If the last one is true, is the ^ $ really necessary? If this is set because it is an RE, doesn it need the / / too? If it really is a RE, what preventes '127.0.0.1' to not match 127.0.0.10? Or 127.1.0.1 to not match 127.120.1.1 ? Shouldn't the dots be escaped too? Thats enought for now :) - Raul Dias
Re: IADB, 70_iadb.cf and multiple A records returned
On Sat, Feb 10, 2007 at 12:42:53AM -0300, Raul Dias wrote: eval:check_rbl_sub('iadb-firsttrusted', '^127.2.255.1$') Doesn't this prevents the test if more than one A record is returned (^ and $)?? No. They're not all in a string, the match happens against each response individually. Or each check_rbl_sub is called for each A record returned?? No, just one call. If this is set because it is an RE, doesn it need the / / too? Nope. The code does that for us. If the last one is true, is the ^ $ really necessary? [...] If it really is a RE, what preventes '127.0.0.1' to not match 127.0.0.10? Or 127.1.0.1 to not match 127.120.1.1 ? You answered your own question. :) Shouldn't the dots be escaped too? Arguably, yes. It works out that things like /^127.0.0.1$/ won't match any other valid IP though, so in the end it's ok, but technically the dots should be escaped. Note: I don't recall if the code escapes the dots for us, but I don't think so. -- Randomly Selected Tagline: Integrity is doing the right thing when nobody is watching you. - Infonaut on Slashdot pgp1shllGv5wM.pgp Description: PGP signature