On 24.11.15 at 14:40, Matthias Apitz wrote:
On Tuesday, November 24, 2015 at 01:47:23PM +0100, Reindl Harald
wrote:
On 24.11.15 13:24, Reindl Harald wrote:
on the other hand why can't SA do the lookup for the IP of
"Received: from [140.211.11.3]" given that it does a lot of dns
lookups anyway?
just because of that - to limit the number of outgoing DNS requests and
focus on those that haven't been done before. That's why SA uses existing
headers like Received: and Received-SPF:
[...]
If someone would have a patch for this, I'd be happy to help testing.
Older versions performed rdns lookups for every IP in relay-untrusted
directly in Received.pm, this was deleted:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=5054
The attached patch adds one dns request, in fact that rdns is empty and
the mta is known (via Received.pm) to not always add one.
I added the check as another eval in DNSEval.pm. This seems
straightforward.
Then I realized that SpamAssassin doesn't catch the DNS responses from
its Resolver in a very generic way. It catches only RBL returns and, as
a hack for a specific rule, a special MX/A record.
Therefore I had to change Dns.pm as well, which I'm not happy with ;)
Btw. I think it works also for __CGATE_RCVD and __DOMINO_RCVD, i.e. for
all MTAs that decline to add rdns themselves.
The BOTNET plugin performs its reverse lookup in a primitive way on
its own. IMO it's better to use the SpamAssassin Resolver, but more
generic, for the existing NO_DNS_FOR_FROM rule and for the RDNS_NONE one.
Any suggestions are welcome.
Edda
Anyway, for the moment, here's the patch, diff is on version 3.4.1:
Rule (I tested it as a simple rule in local.cf, sure one can combine it
with RDNS_NONE):
ifplugin Mail::SpamAssassin::Plugin::DNSEval
header NO_RDNS_FOR_LAST_EXTERNAL eval:check_dns_rdns()
describe NO_RDNS_FOR_LAST_EXTERNAL Last External really has no rdns
tflags NO_RDNS_FOR_LAST_EXTERNAL net
score NO_RDNS_FOR_LAST_EXTERNAL 1.00
endif
pop:Mail eh$ diff -u SpamAssassin/Plugin/DNSEval.pm.ORG
SpamAssassin/Plugin/DNSEval.pm
--- SpamAssassin/Plugin/DNSEval.pm.ORG 2015-11-24 19:02:58.000000000
+0100
+++ SpamAssassin/Plugin/DNSEval.pm 2015-11-24 19:25:59.000000000 +0100
@@ -58,6 +58,7 @@
'check_rbl_from_host',
'check_rbl_from_domain',
'check_rbl_envfrom',
+ 'check_dsn_rdns',
'check_dns_sender',
];
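Review bot: the name registered in this list, 'check_dsn_rdns', does not match the sub the patch adds (check_dns_rdns) or the eval the rule calls (eval:check_dns_rdns()), so the eval is never registered under the name the rule uses. Change the entry to 'check_dns_rdns'.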
@@ -373,6 +374,25 @@
}
}
+sub check_dns_rdns {
+ my ($self, $pms, $rule) = @_;
+
+ my $lasthop = $pms->{relays_external}->[0];
+ return 0 unless defined $lasthop;
+
+ # Perform reverse lookup only, if empty and mta is known to not
always insert rdns
+ return 0 unless (! $lasthop->{rdns} && $lasthop->{rdns_not_in_headers});
+
+ return 0 unless $pms->is_dns_available();
+ $pms->load_resolver();
+
+ dbg("dns: checking rDNS for last external ip $lasthop->{ip}");
+
+ $pms->do_dns_lookup($rule, 'PTR', $lasthop->{ip});
+
+ return 0;
+}
+
sub check_dns_sender {
my ($self, $pms, $rule) = @_;
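Review bot: check_dns_rdns always ends in "return 0;" and leaves the actual hit to the response handler in Dns.pm, but nothing in the sub says so; add a comment at that return stating that the rule fires later, when the PTR answer arrives. The guard "return 0 unless (! $lasthop->{rdns} && $lasthop->{rdns_not_in_headers});" would also be easier to read as "return 0 if $lasthop->{rdns} || !$lasthop->{rdns_not_in_headers};", and $lasthop->{ip} is passed to dbg() and do_dns_lookup() without a check that it is defined.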
pop:Mail eh$ diff -u SpamAssassin/Dns.pm.ORG SpamAssassin/Dns.pm
--- SpamAssassin/Dns.pm.ORG 2015-11-24 19:01:59.000000000 +0100
+++ SpamAssassin/Dns.pm 2015-11-24 19:02:39.000000000 +0100
@@ -257,6 +257,12 @@
for my $rule (@{$rules}) {
$self->got_hit($rule, "DNS: ", ruletype => "dns");
}
+ } elsif ($question->qtype =~ /^(PTR)$/ &&
+ $packet->header->rcode =~ /^(?:NXDOMAIN|SERVFAIL)$/)
+ {
+ for my $ptr_rule (@{$rules}) {
+ $self->got_hit($ptr_rule, "DNS: ", ruletype => "dns");
+ }
}
# DNSBL tests are here
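Review bot: the new elsif branch treats SERVFAIL the same as NXDOMAIN, so a temporary failure or broken delegation on the PTR zone scores the message under a rule described as "Last External really has no rdns"; consider matching NXDOMAIN only, or giving SERVFAIL its own handling. The branch also hits every rule attached to any PTR question rather than only the lookup started by check_dns_rdns, and the capture group in /^(PTR)$/ is unused, so a plain string comparison with 'PTR' would do.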