diff options
author | ache <ache@FreeBSD.org> | 2002-05-19 17:05:38 +0800 |
---|---|---|
committer | ache <ache@FreeBSD.org> | 2002-05-19 17:05:38 +0800 |
commit | c2198ed2313309933ed0c38b130fd115c3765394 (patch) | |
tree | 8bbed4d5138d600e9b81490fcb61356639858962 /mail/ricochet/files | |
parent | d5345325439861b9ef69cfb5e22f48bdc8e156ab (diff) | |
download | freebsd-ports-gnome-c2198ed2313309933ed0c38b130fd115c3765394.tar.gz freebsd-ports-gnome-c2198ed2313309933ed0c38b130fd115c3765394.tar.zst freebsd-ports-gnome-c2198ed2313309933ed0c38b130fd115c3765394.zip |
Understand modern 4-letters domain names
Don't trust EXTRA_HEADERS and HELO, all of this can be easily faked
Restrict sensing of 3-rd level domains to known variants
Diffstat (limited to 'mail/ricochet/files')
-rw-r--r-- | mail/ricochet/files/patch-ricochet | 65 |
1 files changed, 57 insertions, 8 deletions
diff --git a/mail/ricochet/files/patch-ricochet b/mail/ricochet/files/patch-ricochet index 38ddbad7f8ba..a163df96a17c 100644 --- a/mail/ricochet/files/patch-ricochet +++ b/mail/ricochet/files/patch-ricochet @@ -1,6 +1,18 @@ --- ricochet.orig Thu Feb 8 22:23:19 2001 -+++ ricochet Thu Mar 7 03:31:11 2002 -@@ -227,13 +227,19 @@ ++++ ricochet Sun May 19 12:24:58 2002 +@@ -128,7 +128,10 @@ + ## List of receipients at ORIG_DOMAN + ## besides the CONTACTS. + +- EXTRA_HEADERS => [qw/from reply-to sender errors-to return-path/], ++## Anything there can be easily faked, producing lots of unwanted ++## complaints. Better will not use it. ++## EXTRA_HEADERS => [qw/from reply-to sender errors-to return-path/], ++ EXTRA_HEADERS => undef, + ## Headers to analyze besides + ## 'Received' + +@@ -227,13 +230,19 @@ $self->debug (0, "\nANALYZING HEADERS...\n"); @@ -21,7 +33,7 @@ if ((_nslookup ($host) && ($NS = 1)) || (_mxlookup ($host) && ($MX = 1))) { $self->debug (2,"+ $host EXISTS.\n") if $NS; $self->debug (2,"+ $host HAS A MX RECORD.\n") if $MX; -@@ -244,6 +250,7 @@ +@@ -244,6 +253,7 @@ } } else { $self->debug (2,"- POSSIBLY FAKED HEADER. $host DOESN'T EXIST.\n") } } @@ -29,9 +41,26 @@ } @{$self->{EXTRA_HEADERS}}; while ($match == 0) { -@@ -406,8 +413,14 @@ - my @transmit_hosts = $by =~ /($HOSTRE)/gs; +@@ -379,7 +389,7 @@ + ## --------------------------------------------------------------------------- + sub authentic { +- my $HOSTRE = '[\dA-Za-z\-\.]+\.[A-Za-z]{2,3}(?=[^A-Za-z\-\d])'; ++ my $HOSTRE = '[\dA-Za-z\-\.]+\.[A-Za-z]{2,4}(?=[^A-Za-z\-\d])'; + my $IPRE = '\d{1,3}\.\d{1,3}\.\d{1,3}.\d{1,3}'; + + my ($self, $received) = @_; +@@ -401,13 +411,20 @@ + + $received =~ /from\s(.*?)$rfc/s; my $from = " $1 "; + $received =~ /by\s(.*?)$rfc/s; my $by = " $1 "; +- my @orig_hosts = $from =~ /($HOSTRE)/gs; ++ ++ ## Trust only "(host.name [" part, HELO can be fake ++ my @orig_hosts = $from =~ /\([^()\[\]]*?($HOSTRE)[^()\[\]]*?\[/gs; + my @orig_ips = $from =~ /($IPRE)/gs; + my @transmit_hosts = $by =~ /($HOSTRE)/gs; +- my @ips = $by =~ /($IPRE)/gs; + + my $header = $self->{MAIL}->head; @@ -45,7 +74,7 @@ $auth = 1; $self->{ORIG_HOSTS}->add ($_); $self->debug (2,"+ $_ EXISTS."); -@@ -417,15 +430,21 @@ +@@ -417,15 +434,21 @@ my $host; grep { if ($host = _ptrquery ($_)) { @@ -70,7 +99,7 @@ $auth = 1; $self->{TRANSMIT_HOSTS}->add ($_); $self->debug (2,"+ $_ EXISTS."); -@@ -439,7 +458,13 @@ +@@ -439,7 +462,13 @@ } unless ($self->relaxed == 1) { @@ -85,7 +114,7 @@ } $self->debug (2, "+ Seems Authentic.\n"); -@@ -574,7 +599,8 @@ +@@ -574,7 +603,8 @@ sub initialize { my $self = shift; @@ -95,3 +124,23 @@ Carp::croak "** Ricochet configuration file $rc doesn't exist. Aborting.\n" unless -e $rc; open (RC, $rc); grep { +@@ -758,8 +788,8 @@ + + sub _domain { + my $host = shift; $host =~ y/A-Z/a-z/; my $domain = ''; +- ($domain) = $host =~ /([\da-z\-]+\.[a-z]{2,3}\.[a-z]{2})$/; +- ($domain) = $host =~ /([\da-z\-]+\.[a-z]{2,3})$/ unless $domain; ++ ($domain) = $host =~ /([\da-z\-]+\.(edu?|com?|net?|org?|gov?|int|ac|pp)\.[a-z]{2})$/; ++ ($domain) = $host =~ /([\da-z\-]+\.[a-z]{2,4})$/ unless $domain; + return $domain ? $domain : undef; + } + +@@ -769,7 +799,7 @@ + ## --------------------------------------------------------------------------- + + sub _host { +- my $hostre = '[\dA-Za-z\-\.]+\.[A-Za-z]{2,3}(?=[^A-Za-z\-\d]|$)'; ++ my $hostre = '[\dA-Za-z\-\.]+\.[A-Za-z]{2,4}(?=[^A-Za-z\-\d]|$)'; + my $data = shift; + my ($host) = $data =~ /($hostre)/; + return $host if $host ne ''; |