Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SpamAssassin: devel

[Bug 6814] RCVD_ILLEGAL_IP 2/8 Unallocated

  

 
SpamAssassin devel RSS feed   Index | Next | Previous | View Threaded


bugzilla-daemon at bugzilla

Jul 10, 2012, 8:59 AM

Post #1 of 6 (275 views)
Permalink
[Bug 6814] RCVD_ILLEGAL_IP 2/8 Unallocated
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6814

Darxus <Darxus [at] ChaosReigns> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |Darxus [at] ChaosReigns

--- Comment #1 from Darxus <Darxus [at] ChaosReigns> ---
Due to similarity with the recent bug 6810, I think somebody should probably go
through
http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml and
make sure we're not incorrectly flagging anything else as unallocated.

--
You are receiving this mail because:
You are the assignee for the bug.


bugzilla-daemon at bugzilla

Jul 10, 2012, 9:57 AM

Post #2 of 6 (255 views)
Permalink
[Bug 6814] RCVD_ILLEGAL_IP 2/8 Unallocated [In reply to]
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6814

--- Comment #2 from Darxus <Darxus [at] ChaosReigns> ---
Mattias, are you using current rules? A 3.3.x release of spamassassin?

Commit fixing bug 6810:
http://svn.apache.org/viewvc?rev=1353840&view=rev

I'm finding breaking down this regex a little challenging.

header RCVD_ILLEGAL_IP X-Spam-Relays-Untrusted =~ /
(?:by|ip)=(?=\d+\.\d+\.\d+\.\d+
)(?:0|2(?:2[4-9]|[3-4]\d)|192\.0\.2|198\.51\.100|203\.0\.113)\./

axb, why was more than this line changed in that commit?

Looks like we just need to worry about bad IPs matching this chunk:
(?:0|2(?:2[4-9]|[3-4]\d)|192\.0\.2|198\.51\.100|203\.0\.113)\.

And the end of that outer group is clear enough:
192\.0\.2|198\.51\.100|203\.0\.113

So what I'm not real clear on is:
0|2(?:2[4-9]|[3-4]\d)

Wouldn't that be:
0/8
or
2
2,4-9
or
3-4,0-9

Which would result in including /8s:
0
224-229
230-249
That doesn't seem to match up well with the reserved space.

And if I'm reading this right, axb's change for bug 6810 would not actually fix
that bug, instead changing the range 230-259 to 230-249. Did that get tested?

I'm also not seeing anything in here that would match 2/8 or 5/8, so I guess I
just need help reading this regex. Or maybe people reporting bugs are using
old rules?

I think this chunk of the regex should match 224/8 - 255/8 and 0/8. Which I
think the regex was closer to before axb's change.

--
You are receiving this mail because:
You are the assignee for the bug.


bugzilla-daemon at bugzilla

Jul 10, 2012, 10:41 AM

Post #3 of 6 (248 views)
Permalink
[Bug 6814] RCVD_ILLEGAL_IP 2/8 Unallocated [In reply to]
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6814

Adam Katz <antispam [at] khopis> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |antispam [at] khopis

--- Comment #3 from Adam Katz <antispam [at] khopis> ---
(In reply to comment #2)
> if I'm reading this right, axb's change for bug 6810 would not actually
> fix that bug, instead changing the range 230-259 to 230-249. Did that get
> tested?

Doesn't look like it.

> I'm also not seeing anything in here that would match 2/8 or 5/8, so I guess
> I just need help reading this regex. Or maybe people reporting bugs are
> using old rules?
>
> I think this chunk of the regex should match 224/8 - 255/8 and 0/8. Which I
> think the regex was closer to before axb's change.

I'd like vetting before I check this in:

header RCVD_ILLEGAL_IP X-Spam-Relays-Untrusted =~ /
(?:by|ip)=(?=\d+\.\d+\.\d+\.\d+
)(?:(?:0|2(?:2[4-9]|[3-5]\d)|192\.0\.2|198\.51\.100|203\.0\.113)\.|(?:\d+\.){0,3}(?!(?:2(?:[0-4]\d|5[0-5])|[01]?\d\d?)\b))/

Spaced as if /x (which is not supported by SA),

/ (?:by|ip)=
(?=\d+\.\d+\.\d+\.\d+ )
(?:
(?:
0
|2(?:2[4-9]|[3-5]\d)
|192\.0\.2
|198\.51\.100
|203\.0\.113
)\.
# this part matches the final octet in " by=10.1.2.326 "
|(?:\d+\.){0,3}(?!
(?:
2(?:[0-4]\d|5[0-5])
|[01]?\d\d?
)
\b
)
)/x

Thanks to the use of by=, we can have improper IP addresses in here.
Therefore, I added a check to ensure that we can't have e.g.
"by=10.1.2.326"


Testing:

for ip in 1.2.3.4 0.1.2.3 223.4.5.6 2.3.4.5 127.0.0.1 255.255.255.255
10.251.257.14; do echo " by=$ip " |grep -P ' (?:by|ip)=(?=\d+\.\d+\.\d+\.\d+
)(?:(?:0|2(?:2[4-9]|[3-5]\d)|192\.0\.2|198\.51\.100|203\.0\.113)\.|(?:\d+\.){0,3}(?!(?:2(?:[0-4]\d|5[0-5])|[01]?\d\d?)\b))'
|| echo "$ip passed"; done

1.2.3.4 passed
by=0.1.2.3
223.4.5.6 passed
2.3.4.5 passed
127.0.0.1 passed
by=255.255.255.255
by=10.251.257.14

--
You are receiving this mail because:
You are the assignee for the bug.


bugzilla-daemon at bugzilla

Jul 10, 2012, 11:00 AM

Post #4 of 6 (249 views)
Permalink
[Bug 6814] RCVD_ILLEGAL_IP 2/8 Unallocated [In reply to]
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6814

--- Comment #4 from Adam Katz <antispam [at] khopis> ---
When you fix the wiki, note that IPv4 is exhausted (there's probably a nice
wikipedia link you could stick in there too). ALL of its usable space has been
allocated, so this rule merely looks for what is illegal for any relay, which
is limited to just 0/8 and 224/3 (or, put another way, 224/8 and up).

--
You are receiving this mail because:
You are the assignee for the bug.


bugzilla-daemon at bugzilla

Jul 10, 2012, 11:40 AM

Post #5 of 6 (249 views)
Permalink
[Bug 6814] RCVD_ILLEGAL_IP 2/8 Unallocated [In reply to]
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6814

--- Comment #5 from Darxus <Darxus [at] ChaosReigns> ---
Adam, thanks, do you agree that this bug (for 2/8) and the one for 5/8 must be
due to people using old rules, and therefore not actually valid?

--
You are receiving this mail because:
You are the assignee for the bug.


bugzilla-daemon at bugzilla

Jul 10, 2012, 2:07 PM

Post #6 of 6 (252 views)
Permalink
[Bug 6814] RCVD_ILLEGAL_IP 2/8 Unallocated [In reply to]
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6814

--- Comment #6 from Adam Katz <antispam [at] khopis> ---
(In reply to comment #5)
> Adam, thanks, do you agree that this bug (for 2/8) and the one for 5/8 must
> be due to people using old rules, and therefore not actually valid?

That's pretty much guaranteed. My fix merely returns the match on 250/8+ and
introduces matches for non-IPv4 "IPs" (which I expect to never fire anyway).

--
You are receiving this mail because:
You are the assignee for the bug.

SpamAssassin devel RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.