Package: mailagent
Version: 3.73-21
Severity: normal
Tags: patch

The following patched code in mailagent examines strings in Received: headers and makes three decisions based on whether the string appears to be a FQDN. The first two decisions help Mailagent construct an accurate list of hosts through which the mail was relayed. The last decision logs a warning message if the hostname string that Mailagent derives seems to be "bad."

Top level domains with more than four characters are "bad" for Mailagent, but there are two official TLDs with more than four characters: ".museum" and ".travel" (see http://www.iana.org/gtld/gtld.htm). It's also useful to use the TLD ".private" for private IP networks.

Mailagent rules can branch on the list of relay hosts; such rules may not function as expected when a long TLD appears in a Received: header. I consider this consequence to have a severity of "normal"; the other consequences are incorrect log entries and spurious warnings in the log, which have a severity of "minor."

My suggested patch compares the TLD with the list of official TLDs plus ".private". The patch eliminates false negatives for the .museum and .travel TLDs, allows the TLD .private, and eliminates false positives for all strings of length 2-4 that are not official TLDs.

If that seems overkill or too inefficient, I suggest simply changing the present upper limit of four chars to seven chars: \w{2,7} instead of \w{2,4} at three locations. Six would accommodate the new official TLDs, but seven is necessary to accommodate ".private".

cd /usr/local/src/debian/mailagent-3.73/agent/pl/ diff -u /usr/local/src/debian/mailagent-3.73/agent/pl/parse.orig.pl /usr/local/src/debian/mailagent-3.73/agent/pl/parse.pl --- /usr/local/src/debian/mailagent-3.73/agent/pl/parse.orig.pl 2006-08-15 16:50:40.000000000 -0400 +++ /usr/local/src/debian/mailagent-3.73/agent/pl/parse.pl 2006-08-15 17:35:55.000000000 -0400 
@@ -327,6 +327,12 @@ local($host, $real); local($islast) = 1; # First line we see is the "last" inserted local($received); # Received line, verbatim + # The regexp /\.X$/i where X is any of offical top level domains at + # http://data.iana.org/TLD/tlds-alpha-by-domain.txt on 15 Aug 2006 plus the + # extra domain "private". + # The regexp is the translation into Perl syntax of the result of calling Emacs's `regexp-opt' + # on the list of acceptable TLDs. + local($tlds_rx) = qr'\.A(?:ERO|RPA|[C-GIL-OQ-UWXZ])|B(?:IZ|[ABD-JMNORSTVWYZ])|C(?:AT|O(?:M|OP)|[ACDF-IK-ORUVXYZ])|D[EJKMOZ]|E(?:DU|[CEGR-U])|F[IJKMOR]|G(?:OV|[ABD-ILMNP-UWY])|H[KMNRTU]|I(?:N(?:FO|T)|[DEL-OQ-T])|J(?:OBS|[EMOP])|K[EGHIMNRWYZ]|L[ABCIKR-VY]|M(?:IL|OBI|USEUM|[ACDGHK-Z])|N(?:AME|ET|[ACEFGILOPRUZ])|O(?:M|RG)|P(?:R(?:IVATE|O)|[AE-HK-NRSTWY])|QA|R[EOUW]|S[A-EG-ORTUVYZ]|T(?:RAVEL|[CDFGHJ-PRTVWZ])|U[AGKMSYZ]|V[ACEGINU]|W[FS]|Y[ETU]|Z[AMW]$'i; local($i); local($_); @@ -341,7 +347,7 @@ ) { $host = $1; $host .= ".$cf::domain" - if $host =~ /^\w/ && $host !~ /\.\w{2,4}$/; + if $host =~ /^\w/ && $host !~ $tlds_rx; push(@hosts, $host); } else { &add_log("WARNING no by in first Received: line '$received'") @@ -413,7 +419,7 @@ # if the "real" host name we attempted to guess is an IP address # or looks like a fully qualified domain name. - $host = $real if $real =~ /\.\w{2,4}$/ || $real =~ /^\[[\d.]+\]$/; + $host = $real if $real =~ $tlds_rx || $real =~ /^\[[\d.]+\]$/; if ($host eq '') { &add_log("NOTICE no relaying origin in Received: line '$received'") 
@@ -453,7 +459,7 @@ unless ( $host =~ /^\[[\d.]+\]$/ || - $host =~ /^[\w-.]+\.\w{2,4}$/ || + $host =~ /^[\w-.]+${tlds_rx}/ || $host =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/ ) { next if $host =~ /^[\w-]+$/; # No message for unqualified hosts

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-corax-1
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages mailagent depends on:
ii  debconf [debconf-2.0]         1.5.3      Debian configuration management sy
ii  libc6                         2.3.6-15   GNU C Library: Shared libraries
ii  perl                          5.8.8-6.1  Larry Wall's Practical Extraction
ii  sendmail                      8.13.7-2   powerful, efficient, and scalable
ii  sendmail-bin [mail-transport- 8.13.7-2   powerful, efficient, and scalable

mailagent recommends no packages.

-- debconf information:
  shared/news/organization: --none--
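
Review bot: In the `$tlds_rx` definition added by the @@ -327 hunk, the alternation is not enclosed in a group, so the leading `\.` applies only to the first branch `A(?:ERO|RPA|...)` and the trailing `$` only to the last branch `Z[AMW]`. Every branch in between, such as `C(?:AT|O(?:M|OP)|...)` or `D[EJKMOZ]`, matches anywhere in the string, so an unqualified name that merely contains "de" or "com" is treated as a FQDN. The comment above the definition describes `/\.X$/i`, so wrap the whole list as `\.(?:A(?:...)|...|Z[AMW])$`. The same comment has the typo "offical".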
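
Review bot: In the @@ -341 hunk, `$host !~ $tlds_rx` now decides whether `.$cf::domain` is appended, and the list behind it is a literal frozen at the date given in the comment (15 Aug 2006). A host under any suffix that is not in that literal will have the local domain appended and be pushed onto `@hosts` under a name it never had, which is the list that rules branch on. Consider reading the accepted suffixes from a file or configuration variable instead of a literal in parse.pl, and document how to refresh it.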
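
Review bot: In the @@ -453 hunk, `/^[\w-.]+${tlds_rx}/` drops the explicit `$` that the removed line had, so the end anchor of this check now depends entirely on `$tlds_rx`. As that pattern is written, only its last branch is anchored, so this test accepts a host string with arbitrary text after a TLD-like substring and the warning is skipped. Once `$tlds_rx` is grouped and anchored the line is correct, but a short comment stating that `$tlds_rx` carries both the leading dot and the end anchor would stop a later edit from adding a second `\.` or `$` here.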
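
The two approaches described in the report (an explicit TLD list versus a longer `\w{2,7}` length limit) compared on constructed host strings, together with what happens when a list alternation is written without a group. This is an added example, not code from mailagent or from the patch; the suffix subset, the host strings and the names `$listed`, `$ungrouped`, `$by_length` and `verdicts` are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed subset of suffixes for illustration; not the full IANA list.
my @tlds = qw(com net org de uk museum travel private);
my $alt  = join '|', map { quotemeta($_) } @tlds;

# Explicit list, grouped: the leading dot and the end anchor apply to
# every alternative.
my $listed = qr/\.(?:$alt)$/i;

# Same alternatives without the group: "\." belongs only to the first
# branch and "$" only to the last, so the middle branches match anywhere.
my $ungrouped = qr/\.$alt$/i;

# Length-based test, as in the report's fallback suggestion.
my $by_length = qr/\.\w{2,7}$/;

# Constructed host strings such as might be taken from Received: headers.
my @hosts = qw(
    relay.example.museum
    mx.lab.private
    gw.example.invalid
    host.example.local
    decoy
    internet-gw
);

# Returns one verdict per pattern, in the order listed/ungrouped/by_length.
sub verdicts {
    my ($host) = @_;
    return map { $host =~ $_ ? 'fqdn' : '-' } ($listed, $ungrouped, $by_length);
}

printf "%-22s %-8s %-10s %s\n", 'host', 'listed', 'ungrouped', '\w{2,7}';
printf "%-22s %-8s %-10s %s\n", $_, verdicts($_) for @hosts;
```

The grouped list accepts only the listed suffixes, the length test accepts any suffix of two to seven word characters, and the ungrouped form accepts the two unqualified names because they contain "de" and "net".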