Understand modern 4-letters domain names

Don't trust EXTRA_HEADERS and HELO, all of this can be easily faked Restrict sensing of 3-rd level domains to known variants
svn path=/head/; revision=59461
2024-11-27 00:57:50 +00:00 · 2002-05-19 09:05:38 +00:00 · 2002-05-19 09:05:38 +00:00 · 0a06b34ff9 · 2021-03-31 03:12:20 +00:00
commit 0a06b34ff9
parent 8035261599
2 changed files with 61 additions and 12 deletions
--- a/mail/ricochet/Makefile
+++ b/mail/ricochet/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	ricochet
 PORTVERSION=	0.97
-PORTREVISION=   5
+PORTREVISION=   6
 CATEGORIES=	mail
 MASTER_SITES=	http://vipul.net/perl/sources/spamcontrol/ricochet/

@ -21,10 +21,10 @@ RUN_DEPENDS=	${LOCALBASE}/lib/perl5/site_perl/${PERL_VER}/Mail/Internet.pm:${POR

 NO_BUILD=	yes

-post-patch:
+do-configure:
 .for file in install ricochet
-	@${PERL5} -pi -e 's,%%PREFIX%%,${PREFIX},g' ${WRKSRC}/${file}
-	@${PERL5} -pi -e 's,%%INSTALL_DATA%%,${INSTALL_DATA},g' ${WRKSRC}/${file}
+	${PERL5} -pi -e 's,%%PREFIX%%,${PREFIX},g' ${WRKSRC}/${file}
+	${PERL5} -pi -e 's,%%INSTALL_DATA%%,${INSTALL_DATA},g' ${WRKSRC}/${file}
 .endfor

 do-install:
--- a/mail/ricochet/files/patch-ricochet
+++ b/mail/ricochet/files/patch-ricochet
@ -1,6 +1,18 @@
 --- ricochet.orig	Thu Feb  8 22:23:19 2001
-+++ ricochet	Thu Mar  7 03:31:11 2002
-@@ -227,13 +227,19 @@
+++ ricochet	Sun May 19 12:24:58 2002
+@@ -128,7 +128,10 @@
+ 										 ## List of receipients at ORIG_DOMAN 
+                                          ## besides the CONTACTS.
+ 
+-    EXTRA_HEADERS     => [qw/from reply-to sender errors-to return-path/], 
+##  Anything there can be easily faked, producing lots of unwanted
+##  complaints. Better will not use it.
+##  EXTRA_HEADERS     => [qw/from reply-to sender errors-to return-path/],
+    EXTRA_HEADERS     => undef,
+                                          ## Headers to analyze besides 
+                                          ## 'Received'
+ 
+@@ -227,13 +230,19 @@
 
      
     $self->debug (0, "\nANALYZING HEADERS...\n"); 
@ -21,7 +33,7 @@
             if ((_nslookup ($host) && ($NS = 1)) || (_mxlookup ($host) && ($MX = 1))) { 
                 $self->debug (2,"+ $host EXISTS.\n") if $NS; 
                 $self->debug (2,"+ $host HAS A MX RECORD.\n") if $MX; 
-@@ -244,6 +250,7 @@
+@@ -244,6 +253,7 @@
                 }  
             } else { $self->debug (2,"- POSSIBLY FAKED HEADER. $host DOESN'T EXIST.\n") } 
         }
@ -29,9 +41,26 @@
     } @{$self->{EXTRA_HEADERS}}; 
 
     while ($match == 0) {
-@@ -406,8 +413,14 @@
-     my @transmit_hosts = $by =~ /($HOSTRE)/gs; 
+@@ -379,7 +389,7 @@
+ ## ---------------------------------------------------------------------------
 
+ sub authentic { 
+-    my $HOSTRE = '[\dA-Za-z\-\.]+\.[A-Za-z]{2,3}(?=[^A-Za-z\-\d])'; 
+    my $HOSTRE = '[\dA-Za-z\-\.]+\.[A-Za-z]{2,4}(?=[^A-Za-z\-\d])';
+     my $IPRE = '\d{1,3}\.\d{1,3}\.\d{1,3}.\d{1,3}';
+ 
+     my ($self, $received) = @_;
+@@ -401,13 +411,20 @@
+     
+     $received =~ /from\s(.*?)$rfc/s; my $from = " $1 "; 
+     $received =~ /by\s(.*?)$rfc/s; my $by = " $1 "; 
+-    my @orig_hosts = $from =~ /($HOSTRE)/gs; 
+
+    ## Trust only "(host.name [" part, HELO can be fake
+    my @orig_hosts = $from =~ /\([^()\[\]]*?($HOSTRE)[^()\[\]]*?\[/gs;
+     my @orig_ips = $from =~ /($IPRE)/gs; 
+     my @transmit_hosts = $by =~ /($HOSTRE)/gs; 
+-
     my @ips = $by =~ /($IPRE)/gs; 
 +
 +    my $header = $self->{MAIL}->head;
@ -45,7 +74,7 @@
             $auth = 1;
             $self->{ORIG_HOSTS}->add ($_); 
             $self->debug (2,"+ $_ EXISTS."); 
-@@ -417,15 +430,21 @@
+@@ -417,15 +434,21 @@
     my $host; 
     grep { 
         if ($host = _ptrquery ($_)) { 
@ -70,7 +99,7 @@
                 $auth = 1; 
                 $self->{TRANSMIT_HOSTS}->add ($_); 
                 $self->debug (2,"+ $_ EXISTS.");
-@@ -439,7 +458,13 @@
+@@ -439,7 +462,13 @@
     }
 
     unless ($self->relaxed == 1) {    
@ -85,7 +114,7 @@
     }
     
     $self->debug (2, "+ Seems Authentic.\n"); 
-@@ -574,7 +599,8 @@
+@@ -574,7 +603,8 @@
 
 sub initialize { 
     my $self = shift; 
@ -95,3 +124,23 @@
     Carp::croak "** Ricochet configuration file $rc doesn't exist. Aborting.\n" unless -e $rc; 
     open (RC, $rc); 
     grep { 
+@@ -758,8 +788,8 @@
+ 
+ sub _domain { 
+     my $host = shift; $host =~ y/A-Z/a-z/; my $domain = ''; 
+-    ($domain) = $host =~ /([\da-z\-]+\.[a-z]{2,3}\.[a-z]{2})$/;
+-    ($domain) = $host =~ /([\da-z\-]+\.[a-z]{2,3})$/ unless $domain;  
+    ($domain) = $host =~ /([\da-z\-]+\.(edu?|com?|net?|org?|gov?|int|ac|pp)\.[a-z]{2})$/;
+    ($domain) = $host =~ /([\da-z\-]+\.[a-z]{2,4})$/ unless $domain;
+     return $domain ? $domain : undef; 
+ }
+ 
+@@ -769,7 +799,7 @@
+ ## ---------------------------------------------------------------------------
+ 
+ sub _host { 
+-    my $hostre = '[\dA-Za-z\-\.]+\.[A-Za-z]{2,3}(?=[^A-Za-z\-\d]|$)'; 
+    my $hostre = '[\dA-Za-z\-\.]+\.[A-Za-z]{2,4}(?=[^A-Za-z\-\d]|$)';
+     my $data = shift; 
+     my ($host) = $data =~ /($hostre)/; 
+     return $host if $host ne '';