Posted to server-dev@james.apache.org by Clinton Goudie <Cl...@magicalspirits.net> on 2002/05/19 03:07:04 UTC

InSpammerBlacklist bugs?

I was looking at the source for InSpammerBlacklist to see if it would also
work for relays.ordb.org and noticed some possible problems.

ORDB.org uses DNS lookups where you translate the IP a.b.c.d into
d.c.b.a.relays.ordb.org and perform a DNS lookup on it; if it resolves,
it's blacklisted. I believe this is the same format that
relays.mail-abuse.org uses, as well as a number of other spam lists.

So I pulled up the InSpammerBlacklist.java file to verify that it is
functioning in this way, and after looking at it for a bit, I don't think
this mailet will catch any spam.

The logic I found in question is
------------------------------------------------------------
StringTokenizer st = new StringTokenizer(host, " .", false);
host = network;
while (st.hasMoreTokens()) {
    host = st.nextToken() + ".";
}

//Try to look it up
InetAddress.getByName(host);
------------------------------------------------------------

When I look at this and run it through in my head, there are a couple of
problems I notice.

The first bit I wonder about is that the StringTokenizer is using " .". I'm
not sure if mail.getRemoteAddr(); returns an IP in the format of "127 .0 .0
.2" but I don't think that it would work that way, in which case there won't
be any tokens. Then I noticed that the host doesn't get prepended, it just
gets changed with the next token. It seems that a query against
relays.mail-abuse.org looking for the IP number 10.0.0.1 would build a
string looking like "relays.mail-abuse.org1." which is not likely to resolve
(so nothing will ever hit the spam bucket).

It seems to me that this code might work better like this:
-------------------------------------------------------------
StringBuffer sb = new StringBuffer();
StringTokenizer st = new StringTokenizer(host, ".", false);

while (st.hasMoreTokens()) {
     sb.insert(0, st.nextToken() + ".");
}

sb.append(network);
host = sb.toString();

//Try to look it up
InetAddress.getByName(host);
-------------------------------------------------------------

If you do a lookup on 2.0.0.127.relays.ordb.org it will resolve for testing
purposes if you want to test my theory.

Clint Goudie


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
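
The name construction discussed in the message above, as an added example (not code from the post or from the James source). The class and method names are hypothetical; the zone and the 127.0.0.2 test address are the ones the post mentions. It goes one step beyond the post by validating that the input is a dotted-quad IPv4 address before building the query name.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.StringTokenizer;

public class DnsblNameDemo {  // hypothetical class name
    // The loop exactly as quoted in the post: each token overwrites host.
    static String quotedLoopName(String ip, String network) {
        StringTokenizer st = new StringTokenizer(ip, " .", false);
        String host = network;
        while (st.hasMoreTokens()) {
            host = st.nextToken() + ".";
        }
        return host;
    }

    // Reversed-octet form a.b.c.d -> d.c.b.a.<network>; rejects anything that
    // is not four numeric tokens in the range 0..255 (hostnames, IPv6, junk).
    static String reversedName(String ip, String network) {
        StringTokenizer st = new StringTokenizer(ip, ".", false);
        if (st.countTokens() != 4) {
            throw new IllegalArgumentException("not a dotted-quad address: " + ip);
        }
        StringBuilder sb = new StringBuilder();
        while (st.hasMoreTokens()) {
            int octet = Integer.parseInt(st.nextToken()); // NumberFormatException if non-numeric
            if (octet < 0 || octet > 255) {
                throw new IllegalArgumentException("octet out of range: " + ip);
            }
            sb.insert(0, octet + ".");
        }
        return sb.append(network).toString();
    }

    // Listed if the name resolves. UnknownHostException is also thrown when the
    // resolver cannot be reached, so this check fails open on DNS outages.
    static boolean isListed(String ip, String network) {
        try {
            InetAddress.getByName(reversedName(ip, network));
            return true;
        } catch (UnknownHostException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        String ip = "127.0.0.2", network = "relays.ordb.org"; // values from the post
        System.out.println("quoted loop builds: " + quotedLoopName(ip, network));
        System.out.println("reversed form:      " + reversedName(ip, network));
        if (args.length == 2) {  // live lookup only when an address and zone are given
            System.out.println("listed: " + isListed(args[0], args[1]));
        }
    }
}
```

Run without arguments it performs no network access; pass an address and a zone to do a live lookup.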


RE: InSpammerBlacklist bugs?

Posted by "Noel J. Bergman" <no...@devtech.com>.
Clint,

Glad to hear it.  I do agree with you that the other code is broken, and
should be something like:

  StringBuffer sb = new StringBuffer();
  StringTokenizer st = new StringTokenizer(host, " .", false);

  while (st.hasMoreTokens()) sb.insert(0, st.nextToken() + ".");
  InetAddress.getByName(sb.append(network).toString());

Would you please submit this change to the CVS tree if you can?  If not,
hopefully Danny or Serge will snag it.  But it should go into the next code
drop, which is supposed to come out this weekend.

	--- Noel

-----Original Message-----
From: Clinton Goudie [mailto:ClintJakarta@magicalspirits.net]
Sent: Saturday, May 18, 2002 23:22
To: James Developers List
Subject: RE: InSpammerBlacklist bugs?


You are correct sir.

I've now built this source into my James and tested it. It's working much
better now :)

Clint

-----Original Message-----
From: Noel J. Bergman [mailto:noel@devtech.com]
Sent: Saturday, May 18, 2002 8:48 PM
To: James Developers List
Subject: RE: InSpammerBlacklist bugs?


> The first bit I wonder about is that the StringTokenizer is using " .".
> I'm not sure if mail.getRemoteAddr(); returns an IP in the format of
> "127 .0 .0 .2"

RTFM.  :-)  Or at least the JDK documentation: All characters in the delim
argument are the delimiters for separating tokens.  In other words, EITHER a
' ' or a '.' would be accepted as a delimiter, so "127 0 0 1" or "127.0.0.1"
or other combination would be acceptable.

	--- Noel




RE: InSpammerBlacklist bugs?

Posted by Clinton Goudie <Cl...@magicalspirits.net>.
You are correct sir.

I've now built this source into my James and tested it. It's working much
better now :)

Clint

-----Original Message-----
From: Noel J. Bergman [mailto:noel@devtech.com]
Sent: Saturday, May 18, 2002 8:48 PM
To: James Developers List
Subject: RE: InSpammerBlacklist bugs?


> The first bit I wonder about is that the StringTokenizer is using " .".
> I'm not sure if mail.getRemoteAddr(); returns an IP in the format of
> "127 .0 .0 .2"

RTFM.  :-)  Or at least the JDK documentation: All characters in the delim
argument are the delimiters for separating tokens.  In other words, EITHER a
' ' or a '.' would be accepted as a delimiter, so "127 0 0 1" or "127.0.0.1"
or other combination would be acceptable.

	--- Noel




RE: InSpammerBlacklist bugs?

Posted by "Noel J. Bergman" <no...@devtech.com>.
> The first bit I wonder about is that the StringTokenizer is using " .".
> I'm not sure if mail.getRemoteAddr(); returns an IP in the format of
> "127 .0 .0 .2"

RTFM.  :-)  Or at least the JDK documentation: All characters in the delim
argument are the delimiters for separating tokens.  In other words, EITHER a
' ' or a '.' would be accepted as a delimiter, so "127 0 0 1" or "127.0.0.1"
or other combination would be acceptable.

	--- Noel

