2326 – ipv6 + ipv4 combo host addresses in rbl tests

Bug 2326 - ipv6 + ipv4 combo host addresses in rbl tests

Summary: ipv6 + ipv4 combo host addresses in rbl tests

Status:	RESOLVED FIXED

Alias:	None

Product:	Spamassassin
Classification:	Unclassified
Component:	Regression Tests (show other bugs)
Version:	2.60
Hardware:	All All

Importance:	P5 minor
Target Milestone:	---
Assignee:	SpamAssassin Developer Mailing List

URL:
Whiteboard:
Keywords:	dns

Depends on:
Blocks:	3208
	Show dependency tree

Reported:	2003-08-18 14:17 UTC by Hannu Liljemark
Modified:	2004-03-23 12:57 UTC (History)
CC List:	0 users

Attachment	Type	Modified	Status	Actions	Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Hannu Liljemark 2003-08-18 14:17:51 UTC

Searched the bugzilla, but couldn't find anything similar to this... and I'm  
running 2.55, perhaps this is dealt with in 2.60-cvs.

Helsinki University mailserver seems to add some strange ipv6-like nonsense to 
the Received header. Here's a few samples:

Received: from cs.helsinki.fi ([::ffff:218.11.152.141]) by mail.cs.helsinki.fi 
with esmtp; Mon, 18 Aug 2003 15:37:48 +0300

Received: from m165.4superdeals.biz (softdnserr [::ffff:64.235.238.165]) by 
mail.cs.helsinki.fi with esmtp; Sun, 17 Aug 2003 19:30:42 +0300

Seems to get the rbl tests somewhat confused. I'm not sure how common that 
format in the header is. Both the senders in the above are definately in 
several RBLs (at least when I'm typing this) and get detected if you cut out 
the ::ffff:.

Comment 1 Hannu Liljemark 2003-08-24 02:39:58 UTC

It looks like the mailer in question is courier-mta, based on this softdnserr 
string.

"When the message is received via ESMTP, these variables [TCPREMOTEHOST, 
TCPREMOTEIP] specify the remote IP address and the corresponding hostname. 
Hostname is empty if the IP address does not have a reverse DNS record, or is 
set to "softdnserr" if there was a temporary failure while looking up this IP 
address."

That description was from http://www.courier-mta.org/localmailfilter.html and 
there's also another one at http://www.courier-mta.org/couriertcpd.html

"TCPLOCALHOST will be set to the string softdnserr if the DNS lookup fails with 
a temporary error (so you cannot tell if the IP address has a valid host name 
associated with it), or if the reverse and forward DNS lookups do not match. 
TCPLOCALHOST will not be set if the reverse DNS lookup fails completely."

(TCPREMOTEHOST works the same way as TCPLOCALHOST with couriertcpd.) I'm 
guessing couriertcpd is the one that gets the mails over SMTP and does the 
lookups.

The Received tests are probably quite expensive so my current workaround of 
having three new Received regexps weeding out specifically the ::ffff: lines to 
get RBL looksup done should make everyone stay far away from me :) perhaps 
extract_ipv4_addr_from_string is where it should be done.

What I'm also wondering is whether or not mta_looked_up_dns should be set when 
there's this softdnserr.

Received: from cs.helsinki.fi ([::ffff:218.11.152.141]) by mail.cs.helsinki.fi 
with esmtp; Mon, 18 Aug 2003 15:37:48 +0300

Received: from bushinternet.com (softdnserr [::ffff:61.99.99.67]) by 
mail.cs.helsinki.fi with esmtp; Fri, 22 Aug 2003 12:25:41 +0300

Received: from libero.it (ip-218-113-134-202.rev.dyxnet.com 
[::ffff:202.134.113.218]) by mail.cs.helsinki.fi with esmtp; Fri, 22 Aug 2003 
17:17:43 +0300

Comment 2 Justin Mason 2004-03-23 21:57:13 UTC

ok, added