You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2015/06/16 04:00:03 UTC
[Bug 7211] New: ASN shows ipv4 ranges on ipv6 recieved range
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
Bug ID: 7211
Summary: ASN shows ipv4 ranges on ipv6 recieved range
Product: Spamassassin
Version: 3.4.1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Plugins
Assignee: dev@spamassassin.apache.org
Reporter: me@junc.eu
X-Spam-ASN: AS3215 2.0.0.0/16
Received: from ns2.example.org (unknown
[IPv6:2002:29dd:5ac:0:21e:c9ff:fee9:c077])
by example.net (Postfix) with ESMTPS id B8DA7E3AA
for <us...@example.net.org>; Tue, 16 Jun 2015 01:36:40 +0100 (BST)
imho the ASN should show ipv6 range, if its not a ASN plugin bug is it a error
in ASN database ?
in that case how should spamassassin handle this ?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
Benny Pedersen <me...@junc.eu> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |me@junc.eu
Resolution|WORKSFORME |---
Status|RESOLVED |REOPENED
--- Comment #2 from Benny Pedersen <me...@junc.eu> ---
i see the same problem as you did, so not a config error here, reopen
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
J <jy...@protonmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #5630|0 |1
is obsolete| |
--- Comment #12 from J <jy...@protonmail.com> ---
Created attachment 5631
--> https://bz.apache.org/SpamAssassin/attachment.cgi?id=5631&action=edit
Split lookups for IPv4 and IPv6 origin addresses v2
- resolves lint warnings
- add brief pod description
- keep existing behaviour (ie. use the same zone for both address families)
unchanged if asn_lookup_ipv6 is undefined
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
--- Comment #24 from Henrik Krohns <he...@hege.li> ---
I believe we need permission from cymru.com to use their DNS list by default,
not that there probably wouldn't be much traffic. (and yes fixed
asn_lookup_ipv6 in other commit..)
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
Henrik Krohns <he...@hege.li> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |RESOLVED
CC| |hege@hege.li
Resolution|--- |FIXED
--- Comment #21 from Henrik Krohns <he...@hege.li> ---
Implemented asn_lookup_ipv6 with some code cleanups/fixes.
Sending spamassassin-3.4/UPGRADE
Sending spamassassin-3.4/lib/Mail/SpamAssassin/Plugin/ASN.pm
Sending spamassassin-3.4/t/cross_user_config_leak.t
Sending trunk/UPGRADE
Sending trunk/lib/Mail/SpamAssassin/Plugin/ASN.pm
Sending trunk/rules/25_asn.cf
Sending trunk/t/cross_user_config_leak.t
Transmitting file data .......done
Committing transaction...
Committed revision 1857549.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
Benny Pedersen <me...@junc.eu> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|REOPENED |RESOLVED
--- Comment #13 from Benny Pedersen <me...@junc.eu> ---
works for me now
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
J <jy...@protonmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jyxmqw@protonmail.com
--- Comment #9 from J <jy...@protonmail.com> ---
Attached is proof of concept patch to ASN.pm to split lookups for IPv4 and IPv6
origin addresses.
So with the following in local.cf:
loadplugin Mail::SpamAssassin::Plugin::ASN
asn_lookup origin.asn.cymru.com _ASN_ _ASNCIDR_
asn_lookup_ipv6 origin6.asn.cymru.com _ASN_ _ASNCIDR_
add_header all ASN _ASN_ _ASNCIDR_
ASN resolution will now use the appropriate server based on the IP type as
tested against the IPV4_ADDRESS constant.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
Benny Pedersen <me...@junc.eu> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|FIXED |---
Version|3.4.1 |3.4.2
--- Comment #18 from Benny Pedersen <me...@junc.eu> ---
is reopen limited to reporters only ?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
--- Comment #15 from Bernhard Schmidt <be...@birkenwald.de> ---
@Benny: Maybe I'm not understanding the procedures in SpamAssassin correctly,
but I could not find any commit for this in SVN trunk. Yet the bug is marked
RESOLVED FIXED.
Wouldn't it make sense to keep this bug open until the code has been actually
committed?
Also I would really like to submit this patch for inclusion into the next
Debian release. For this to happen an actual upstream commit would be very
helpful.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
--- Comment #3 from Kevin A. McGrail <km...@pccc.com> ---
(In reply to Benny Pedersen from comment #2)
> i see the same problem as you did, so not a config error here, reopen
What does your config lines relevant to ASN look like exactly? How have you
switched to origin6.asn.cymru.com, for example?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
Bernhard Schmidt <be...@birkenwald.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |berni@birkenwald.de
--- Comment #7 from Bernhard Schmidt <be...@birkenwald.de> ---
Is (obviously) still happening with 3.4.2.
Could someone please reopen this bug report? I know it's not easy to fix
because you need to query different zones for IPv4 and IPv6, but at least this
issue should be tracked.
Received: from muffat.debian.org (muffat.debian.org
[IPv6:2607:f8f0:614:1::1274:33])
--> X-Spam-ASN: AS3215 2.6.0.0/16
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
--- Comment #10 from Benny Pedersen <me...@junc.eu> ---
confirmed it works, but it have a lint error
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
--- Comment #20 from Henrik Krohns <he...@hege.li> ---
*** Bug 7671 has been marked as a duplicate of this bug. ***
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
--- Comment #23 from Kevin A. McGrail <km...@apache.org> ---
Answering one of your questions: Rules are only produced / published out of
trunk.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
--- Comment #22 from Bernhard Schmidt <be...@birkenwald.de> ---
(In reply to Henrik Krohns from comment #21)
> Implemented asn_lookup_ipv6 with some code cleanups/fixes.
>
> Sending spamassassin-3.4/UPGRADE
> Sending spamassassin-3.4/lib/Mail/SpamAssassin/Plugin/ASN.pm
> Sending spamassassin-3.4/t/cross_user_config_leak.t
> Sending trunk/UPGRADE
> Sending trunk/lib/Mail/SpamAssassin/Plugin/ASN.pm
> Sending trunk/rules/25_asn.cf
> Sending trunk/t/cross_user_config_leak.t
> Transmitting file data .......done
> Committing transaction...
> Committed revision 1857549.
Thanks a lot! I have tested your patch and it works fine, I'm currently
building a package to propose it to Debian. However I have a few questions
about your updated 25_asn.cf
1.) Is there a reason the updated rule is not in the 3.4 branch (I honestly
don't know whether rules are always in trunk regardless of the version, if yes
please ignore this comment)
2.) Is there a reason it is commented out by default? The conditional should
take care of versions not supporting it
3.) I think it should be asn_lookup_ipv6 inside the if-block
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
Benny Pedersen <me...@junc.eu> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|WORKSFORME |---
--- Comment #11 from Benny Pedersen <me...@junc.eu> ---
another thing to solve maybe is if client ip is in internal_networks ip listed,
then X-Spam-ASN: is just empty, can it list that asn is not done if
internal_networks eq
X-Spam-ASN: skipped internal_networks
or if trusted_networks
X-Spam-ASN: skipped trusted_networks
and visa versa for other resons if skipped testing
reopen
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
--- Comment #17 from Bernhard Schmidt <be...@birkenwald.de> ---
But if I'm reading the history correctly you have the power to reopen this
bugreport, which is probably needed for it to appear on any radar necessary to
have this committed (and/or chase the CLA from J).
I'm afraid if it stays RESOLVED this bug report will again lay dormant for a
couple of years.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
Bill Cole <bi...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |billcole@apache.org
--- Comment #19 from Bill Cole <bi...@apache.org> ---
(In reply to J from comment #14)
> I've been using this patch with ASN lookups enabled on two dual stack
> instances for the last week, without issue.
>
> Could this fix be committed?
Not without a signed ICLA.
See: https://www.apache.org/licenses/#clas
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
Kevin A. McGrail <km...@pccc.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |RESOLVED
Resolution|--- |WORKSFORME
--- Comment #5 from Kevin A. McGrail <km...@pccc.com> ---
(In reply to Benny Pedersen from comment #4)
> so it needs configs in local.cf to work ?
>
> if so its a default config error in 3.4.1
>
> close this bug here with a local.cf that works both ipv4 and ipv6
>
> perldoc is not very helpfull for me :/
I don't use the ASN plugin so suggest you discuss on the users and/or dev@
The docs might need clarifying but they do mention that IPv6 is supported by
some zones and I'm gathering the default zone does not support IPv6.
My assumption is that some sort of config line like asn_lookup
origin6.asn.cymru.com _ASN_ _ASNCIDR_ line tells your ASN plugin to use that
name server.
Or you configure a locally cached copy of the information. I don't know your
volume, etc.
Regards,
KAM
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
Andy Smith <an...@strugglers.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |andy-apache.org@strugglers.
| |net
--- Comment #6 from Andy Smith <an...@strugglers.net> ---
Having read the documentation, unless I am missing something I cannot see how
this plugin can work when email is received from both IPv4 and IPv6 hosts.
The only way to specify a zone is "asn_lookup". If you do:
asn_lookup origin.asn.cymru.com _ASN_ _ASNCIDR_
this will work fine for mails that come in from IPv4 addresses, but when you
get one from an IPv6 address that happens to match, it will erroneously bring
back a match for an IPv4 address like 2.0.0.0/16.
If instead you do:
asn_lookup origin6.asn.cymru.com _ASN_ _ASNCIDR_
then no IPv4 query will ever match, but it will work for IPv6 queries. That
won't be very useful for most people since most mail comes in from IPv4
addresses.
If you try adding both then all queries will go to both zones, so the erroneous
answers will still be returned.
Doesn't this plugin need to separate out zones that accept v4 queries and zones
that accept v6 queries, so that one could for example do:
asn_lookup origin.asn.cymru.com _ASN_ _ASNCIDR_
asn_lookup_v6 origin6.asn.cymru.com _ASN_ _ASNCIDR_
and then have the plugin send only v4 queries to the asn_lookup zones and only
v6 queries to the asn_lookup_v6 zones?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
Kevin A. McGrail <km...@pccc.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kmcgrail@pccc.com
Resolution|--- |WORKSFORME
Status|NEW |RESOLVED
--- Comment #1 from Kevin A. McGrail <km...@pccc.com> ---
I think it's a configuration error. For example, the IPv6 address below in
your example in reverse notation becomes
7.7.0.c.9.e.e.f.f.f.9.c.e.1.2.0.0.0.0.0.c.a.5.0.d.d.9.2.2.0.0.2
So the lookup becomes:
dig
7.7.0.c.9.e.e.f.f.f.9.c.e.1.2.0.0.0.0.0.c.a.5.0.d.d.9.2.2.0.0.2.aspath.routeviews.org.
IN TXT
That returns: ;; ANSWER SECTION:
2.0.0.2.aspath.routeviews.org. 86400 IN TXT "293 5511 3215" "2.0.0.0" "16"
Which means either perhaps we aren't doing IPv6 lookups correctly or
routeviews.org doesn't support IPv6. I'm guessing the later since it is
truncating all but the last 4 octets received (note the ANSWER section and
compare to the answer section below).
So looking up one of my IPs and using origin6.asn.cymru.com, I see:
6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.0.a.2.0.5.5.0.1.0.0.2.origin6.asn.cymru.com.
14400 IN TXT "174 | 2001:550::/32 | US | arin | 2002-12-17"
So I think you need something like this from the note in the ASN.pm
# Some zones also support IPv6 lookups, for example:
# asn_lookup origin6.asn.cymru.com [_ASN_ _ASNCIDR_]
I don't use this plugin so feedback appreciated perhaps on dev list since I'm
going to close this as worksforme for now.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
--- Comment #16 from Benny Pedersen <me...@junc.eu> ---
sure if it could be in 3.4.3 it would be nice, i have NoCLA to mark it that :=)
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
--- Comment #8 from J <jy...@protonmail.com> ---
Created attachment 5630
--> https://bz.apache.org/SpamAssassin/attachment.cgi?id=5630&action=edit
Split lookups for IPv4 and IPv6 origin addresses.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
--- Comment #14 from J <jy...@protonmail.com> ---
I've been using this patch with ASN lookups enabled on two dual stack instances
for the last week, without issue.
Could this fix be committed?
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7211] ASN shows ipv4 ranges on ipv6 recieved range
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211
--- Comment #4 from Benny Pedersen <me...@junc.eu> ---
so it needs configs in local.cf to work ?
if so its a default config error in 3.4.1
close this bug here with a local.cf that works both ipv4 and ipv6
perldoc is not very helpfull for me :/
--
You are receiving this mail because:
You are the assignee for the bug.