khopesh at apache
Feb 5, 2010, 5:44 PM
Post #1 of 1
(171 views)
Permalink
|
|
svn commit: r907157 - /spamassassin/trunk/rulesrc/sandbox/khopesh/20_bug_6299.cf
|
|
Author: khopesh
Date: Sat Feb 6 01:44:05 2010
New Revision: 907157
URL: http://svn.apache.org/viewvc?rev=907157&view=rev
Log:
folded link-local and test-net into main rule, removed portions that SA already catches with UNPARSABLE_RELAY (and won't put into X-Spam-Relays-Untrusted), better comments, removed link-local and test-net rules
Modified:
spamassassin/trunk/rulesrc/sandbox/khopesh/20_bug_6299.cf
Modified: spamassassin/trunk/rulesrc/sandbox/khopesh/20_bug_6299.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/khopesh/20_bug_6299.cf?rev=907157&r1=907156&r2=907157&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/khopesh/20_bug_6299.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/khopesh/20_bug_6299.cf Sat Feb 6 01:44:05 2010
@@ -1,17 +1,26 @@
-# includes updates through 2010-01-19 (as last referenced 2010-02-05)
-# via http://www.iana.org/assignments/ipv4-address-space/
-# updates itemized by date at http://www.cymru.com/Documents/bogon-list.html
-header T_KHOP_RCVD_ILLEGAL_IP X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?:[05]|14|23|3[1679]|4[29]|50|1(?:0[0-7]|7[679]|8[15])|2(?:2[3-9]|[3-9]\d)|\d{4,}|[3-9]\d\d)\.\d+\.\d+\.\d+ /
+# Includes updates through 2010-01-19 (as last referenced 2010-02-05)
+# and now checks for test-net and link-local reserved blocks.
+# Formally defined at http://www.iana.org/assignments/ipv4-address-space/
+# Updates itemized by date at http://www.cymru.com/Documents/bogon-list.html
+header T_KHOP_RCVD_ILLEGAL_IP X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?:[05]|14|23|3[1679]|4[29]|50|1(?:0[0-7]|7[679]|8[15])|2(?:2[3-9]|[3-5]\d)|169\.254|192\.0\.2|198\.51\.100|203\.0\.113)\./
describe T_KHOP_RCVD_ILLEGAL_IP Received: contains reserved or unallocated IP
-header T_KHOP_RCVD_ILLEGAL_IP_LE X-Spam-Relays-Untrusted =~ /^[^\]]+ (?:by|ip)=(?:[05]|14|23|3[1679]|4[29]|50|1(?:0[0-7]|7[679]|8[15])|2(?:2[3-9]|[3-5]\d)|\d{4,}|[3-9]\d\d)\.\d+\.\d+\.\d+ /
+
+# Test Jon Hardin's supposition that this should be restricted to Last-Untrusted
+# ... I named this LE instead of LU but it doesn't matter as it has no hits.
+# Keeping as a reference point until we finalize the bug
+header T_KHOP_RCVD_ILLEGAL_IP_LE X-Spam-Relays-Untrusted =~ /^[\]]+ (?:by|ip)=(?:[05]|14|23|3[1679]|4[29]|50|1(?:0[0-7]|7[679]|8[15])|2(?:2[3-9]|[3-5]\d)|169\.254|192\.0\.2|198\.51\.100|203\.0\.113)\./
+
+
+# pre-merging, pre-pruning of unparsable items
+#header T_KHOP_RCVD_ILLEGAL_IP X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?:[05]|14|23|3[1679]|4[29]|50|1(?:0[0-7]|7[679]|8[15])|2(?:2[3-9]|[3-9]\d)|\d{4,}|[3-9]\d\d)\.\d+\.\d+\.\d+ /
# TEST-NET addresses are for documentation and examples only
-header RCVD_TEST_NET X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?:192\.0\.2|198\.51\.100|203\.0\.113)\./
-describe RCVD_TEST_NET Received: uses test IP address, violating RFC 5737
+#header RCVD_TEST_NET X-Spam-Relays-Untrusted =~ / (?:by|ip)=(?:192\.0\.2|198\.51\.100|203\.0\.113)\./
+#describe RCVD_TEST_NET Received: uses test IP address, violating RFC 5737
# My understanding of the link-local block is that it is used by DHCP-driven
# clients that cannot find a DHCP server, allowing local-only communications
# (like 127/8) plus anything *directly* connected to it (that means no
# routable addresses are available, e.g. in an ad hoc network).
-header RCVD_LINK_LOCAL X-Spam-Relays-Untrusted =~ / (?:by|ip)=169\.254\./
-describe RCVD_LINK_LOCAL Received: uses link-local IP, violating RFC 3927
+#header RCVD_LINK_LOCAL X-Spam-Relays-Untrusted =~ / (?:by|ip)=169\.254\./
+#describe RCVD_LINK_LOCAL Received: uses link-local IP, violating RFC 3927
|
