svn commit: r911235 - in /spamassassin/trunk/lib/Mail/SpamAssassin: Conf.pm
Dns.pm DnsResolver.pm
Author: mmartinec
Date: Thu Feb 18 00:26:01 2010
New Revision: 911235
URL: http://svn.apache.org/viewvc?rev=911235&view=rev
Log:
Bug 6338: Use of Bit 0x20 in DNS Labels to Improve Transaction Identity
(adds 'dns_options dns0x20', allows negation of dns options, off by default)
Modified:
spamassassin/trunk/lib/Mail/SpamAssassin/Conf.pm
spamassassin/trunk/lib/Mail/SpamAssassin/Dns.pm
spamassassin/trunk/lib/Mail/SpamAssassin/DnsResolver.pm
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Conf.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Conf.pm?rev=911235&r1=911234&r2=911235&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Conf.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Conf.pm Thu Feb 18 00:26:01 2010
@@ -1332,13 +1332,30 @@
}
});
-=item dns_options rotate (default: empty)
+=item dns_options opts (default: empty)
-If set to 'rotate', this causes SpamAssassin to choose a DNS server at random
+Provides a (whitespace or comma -separated) list of options applying to
+DNS resolving. Available options are 'rotate' and 'dns0x20' (without quotes).
+Option name may be negated by prepending a 'no' (e.g. 'norotate') to
+counteract previously enabled option. The last setting in configuration
+files prevails. By default options 'rotate' and 'dns0x20' are disabled.
+
+Option 'rotate' causes SpamAssassin to choose a DNS server at random
from all servers listed in C</etc/resolv.conf> every 'dns_test_interval'
seconds, effectively spreading the load over all currently available DNS
servers when there are many spamd workers.
+Option 'dns0x20' enables randomization of letters in a DNS query label
+according to draft-vixie-dnsext-dns0x20, decreasing a chance of collisions
+of responses (by chance or by a malicious intent) by increasing spread
+as provided by a 16-bit query ID and up to 16 bits of a port number,
+with additional bits as encoded by flipping case (upper/lower) of letters
+in a query. The number of additional random bits corresponds to the number
+of letters in a query label. Should work reliably with all mainstream
+DNS servers - do not turn on if you see frequent info messages
+"dns: no callback for id:" in the log, or if RBL or URIDNS lookups
+do not work for no apparent reason.
+
=cut
push (@cmds, {
@@ -1346,11 +1363,13 @@
type => $CONF_TYPE_HASH_KEY_VALUE,
code => sub {
my ($self, $key, $value, $line) = @_;
- my $allowed_opts = "rotate";
-
- foreach my $option (split (/\s+/, $value)) {
- if ($allowed_opts !~ /^$option$/) { return $INVALID_VALUE; }
- else { $self->{dns_options}->{$option} = 1; }
+ foreach my $option (split (/[\s,]+/, $value)) {
+ local($1,$2);
+ if (lc($option) =~ /^(no)?(rotate|dns0x20)\z/) {
+ $self->{dns_options}->{$2} = $1 ? 0 : 1;
+ } else {
+ return $INVALID_VALUE;
+ }
}
}
});
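Review bot: An invalid token is rejected only after the options that precede it have already been written into `$self->{dns_options}`, so a line such as `dns_options rotate bogus` returns `$INVALID_VALUE` yet leaves `rotate` enabled from the rejected line. Validating the whole list before applying any of it keeps a rejected setting free of side effects; parsing into a local hash and copying it over after the loop does that in a few lines. The enclosing `push (@cmds, {...})` entry starts outside the hunk.
```perl
      my %opt_val;
      foreach my $option (split (/[\s,]+/, $value)) {
        local($1,$2);
        if (lc($option) =~ /^(no)?(rotate|dns0x20)\z/) {
          $opt_val{$2} = $1 ? 0 : 1;
        } else {
          return $INVALID_VALUE;
        }
      }
      # all tokens were valid: apply them as one unit
      $self->{dns_options}->{$_} = $opt_val{$_} for keys %opt_val;
```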
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Dns.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Dns.pm?rev=911235&r1=911234&r2=911235&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Dns.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Dns.pm Thu Feb 18 00:26:01 2010
@@ -189,7 +189,7 @@
$log =~ s/(?<![<([])(https?:\/\/\S+)/<$1>/g;
}
elsif ($question->string =~ m/^(\d+)\.(\d+)\.(\d+)\.(\d+)\.(\S+\w)/) {
- $log = "$4.$3.$2.$1 listed in $5";
+ $log = "$4.$3.$2.$1 listed in ".lc($5);
}
}
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/DnsResolver.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/DnsResolver.pm?rev=911235&r1=911234&r2=911235&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/DnsResolver.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/DnsResolver.pm Thu Feb 18 00:26:01 2010
@@ -303,6 +303,26 @@
=cut
+# implements draft-vixie-dnsext-dns0x20-00
+#
+sub dnsext_dns0x20 {
+ my ($string) = @_;
+ my $rnd;
+ my $have_rnd_bits = 0;
+ my $result = '';
+ for my $ic (unpack("C*",$string)) {
+ if (chr($ic) =~ /^[A-Za-z]\z/) {
+ if ($have_rnd_bits < 1) {
+ $rnd = rand(0x7fffffff); $have_rnd_bits = 31;
+ }
+ $ic ^= 0x20 if $rnd & 1; # flip the 0x20 bit in name if dice says so
+ $rnd = $rnd >> 1; $have_rnd_bits--;
+ }
+ $result .= chr($ic);
+ }
+ return $result;
+}
+
sub new_dns_packet {
my ($self, $host, $type, $class) = @_;
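Review bot: `dnsext_dns0x20` draws its case bits from Perl's `rand`, a general-purpose PRNG rather than an unpredictable source, so the extra spread this adds against forged responses is only as good as that generator's predictability (and, in a forked spamd child, whether its state was reseeded after fork); the header comment should at least say so, e.g. `# NOTE: case bits come from perl's rand(), not a cryptographic source`. The `$have_rnd_bits = 31` budget also assumes `rand(0x7fffffff)` yields 31 independent low-order bits, which holds for a 48-bit drand48-based rand but may not on builds with a narrower generator, and `$rnd & 1` / `$rnd >> 1` rely on the implicit float-to-integer conversion of bitwise operators, which a short comment or an explicit `int(rand(0x7fffffff))` would make obvious. The protection further depends on the response path comparing the answer's question name case-sensitively against the name sent in the hunk below: the `id_to_callback` lookup visible in the last hunk keys on the id alone, and the question-name comparison, if any, is outside this diff, so it is worth confirming that a mismatched case pattern is actually detected rather than silently accepted.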
@@ -317,6 +337,7 @@
$self->connect_sock_if_reqd();
my $packet;
eval {
+ $host = dnsext_dns0x20($host) if $self->{conf}->{dns_options}->{dns0x20};
$packet = Net::DNS::Packet->new($host, $type, $class);
# a bit noisy, so commented by default...
@@ -463,8 +484,8 @@
my $cb = delete $self->{id_to_callback}->{$id};
if (!$cb) {
- dbg("dns: no callback for id: %s, ignored; packet: %s",
- $id, $packet ? $packet->string : "undef" );
+ info("dns: no callback for id: %s, ignored; packet: %s",
+ $id, $packet ? $packet->string : "undef" );
} else {
$cb->($packet, $id, $now);
$cnt++;