View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001318 | Main CAcert Website | source code | public | 2014-10-29 10:09 | 2015-03-10 20:11 |
Reporter | ogelpre | Assigned To | NEOatNHNG | ||
Priority | high | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Platform | Linux | OS | Gentoo | OS Version | Rolling |
Product Version | 2014 Q3 | ||||
Target Version | 2014 Q4 | Fixed in Version | 2014 Q4 | ||
Summary | 0001318: E-Mail Probe does not consider mx priorities | ||||
Description | I've tried to add a Domain, but the system runs into my spam trap, because it does not consider mx priorities. Instead it chooses servers randomly. | ||||
Steps To Reproduce | Use a domain with a spamtrap with lowest priority (highest number). For example: dig +short -t MX cacert-example.uni-beispiel.de 1000 1000.spamtrap.rz-42.de. 10 10.spamtrap.rz-42.de. 100 lounge.rz-42.de. 10.spamtrap.rz-42.de rejects TCP connections; 1000.spamtrap.rz-42.de always defers mails (and does tarpitting); lounge.rz-42.de: this is the mail server. A proper MTA tries from the lowest priority number to the highest. The CAcert website tries randomly and sometimes runs into the spamtrap and gives up. | ||||
Additional Information | A patch is attached. | ||||
Tags | No tags attached. | ||||
Attached Files | mx.patch (816 bytes)
--- cacert/includes/general.php 2014-10-28 12:21:30.724020976 +0100 +++ general.php 2014-10-28 12:34:15.754475968 +0100 @@ -537,18 +537,10 @@ if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\+\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , $email)) { list($username,$domain)=explode('@',$email,2); - $dom = escapeshellarg($domain); - $line = trim(`dig +short MX $dom 2>&1`); -#echo $email."-$dom-$line-\n"; -#echo `dig +short mx heise.de 2>&1`."-<br>\n"; - $list = explode("\n", $line); - foreach($list as $row) { - if(!strstr($row, " ")) { - continue; - } - list($pri, $mxhosts[]) = explode(" ", trim($row), 2); - } + $mxhosts = array(); + getmxrr($dom,$mxhosts); + $mxhosts[] = $domain; array_walk($mxhosts, function(&$mx) { $mx = trim($mx, '.'); } ); | ||||
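Review bot: `getmxrr($dom,$mxhosts);` reads `$dom`, but the only assignment visible here (`$dom = escapeshellarg($domain);`) is removed by this same hunk, so the lookup runs on an undefined variable; pass `$domain` directly. getmxrr() also fills the host array in the order the resolver returns the records, so the change as written still does not honour MX preference: request the weights through the third argument and sort the hosts by them before probing. Finally, `$mxhosts[] = $domain;` appends the bare domain even when MX records were found; RFC 5321 Section 5.1 applies the implicit-MX fallback only when the MX lookup returns an empty list, so guard that line with a check that `$mxhosts` is empty.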
Reviewed by | NEOatNHNG, BenBE | ||||
Test Instructions | Test to add a mail on a domain configured similar to the setting in the description. | ||||
|
Should now conform to RFC 5321 Section 5.1 paragraph 7. |
|
Add a *@gmail.com mail address; debug: array(5) { [0]=> string(26) "gmail-smtp-in.l.google.com" [1]=> string(31) "alt1.gmail-smtp-in.l.google.com" [2]=> string(31) "alt2.gmail-smtp-in.l.google.com" [3]=> string(31) "alt4.gmail-smtp-in.l.google.com" [4]=> string(31) "alt3.gmail-smtp-in.l.google.com" } array(5) { [0]=> int(5) [1]=> int(10) [2]=> int(20) [3]=> int(40) [4]=> int(30) } array(5) { [0]=> string(26) "gmail-smtp-in.l.google.com" [1]=> string(31) "alt1.gmail-smtp-in.l.google.com" [2]=> string(31) "alt2.gmail-smtp-in.l.google.com" [3]=> string(31) "alt3.gmail-smtp-in.l.google.com" [4]=> string(31) "alt4.gmail-smtp-in.l.google.com" } Test successful => OK |
|
Adding an email address of an own domain that has been configured for this testcase: debug returns: array(4) { [0]=> string(15) "m10.dogcraft.de" [1]=> string(17) "m100b.dogcraft.de" [2]=> string(16) "m100.dogcraft.de" [3]=> string(17) "m1000.dogcraft.de" } array(4) { [0]=> int(10) [1]=> int(100) [2]=> int(100) [3]=> int(1000) } array(4) { [0]=> string(15) "m10.dogcraft.de" [1]=> string(17) "m100b.dogcraft.de" [2]=> string(16) "m100.dogcraft.de" [3]=> string(17) "m1000.dogcraft.de" } Retrying also shows that the order having number 1 and 2 swapped is also possible. => OK |
|
array(5) { [0]=> string(26) "gmail-smtp-in.l.google.com" [1]=> string(31) "alt2.gmail-smtp-in.l.google.com" [2]=> string(31) "alt4.gmail-smtp-in.l.google.com" [3]=> string(31) "alt1.gmail-smtp-in.l.google.com" [4]=> string(31) "alt3.gmail-smtp-in.l.google.com" } array(5) { [0]=> int(5) [1]=> int(20) [2]=> int(40) [3]=> int(10) [4]=> int(30) } array(5) { [0]=> string(26) "gmail-smtp-in.l.google.com" [1]=> string(31) "alt1.gmail-smtp-in.l.google.com" [2]=> string(31) "alt2.gmail-smtp-in.l.google.com" [3]=> string(31) "alt3.gmail-smtp-in.l.google.com" [4]=> string(31) "alt4.gmail-smtp-in.l.google.com" } Testing connection to gmail-smtp-in.l.google.com:25 ... STARTTLS detected ... negotiating QUIT: 250 2.1.5 Ok => OK |
|
Review OK => Ready to deploy |
|
Mail sent to critical admins. |
|
The fix has been installed on the production server on December 5, 2014. See also: https://lists.cacert.org/wws/arc/cacert-systemlog/2014-12/msg00004.html |
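An added example, not CAcert's code and not part of the attached patch, of the host ordering that RFC 5321 Section 5.1 describes and that the notes above test for: ascending preference, random order among equal preferences, and the bare domain only when no MX records exist. `orderMxTargets` is a hypothetical helper name; the sample arrays reuse the host names and preferences from the dogcraft.de test note, in a constructed input order.

```php
<?php
/**
 * Order MX targets for an SMTP probe.
 *
 * $hosts and $weights are parallel arrays in the shape that
 * getmxrr($domain, $hosts, $weights) fills in. Keeping the ordering in a
 * pure function lets it be exercised without any DNS traffic.
 * orderMxTargets() is a hypothetical name used for this example only.
 */
function orderMxTargets(string $domain, array $hosts, array $weights): array
{
    // Implicit MX: only when the MX lookup returned an empty list.
    if (count($hosts) === 0) {
        return [rtrim($domain, '.')];
    }

    // Group the hosts by their preference value.
    $byPref = [];
    foreach ($hosts as $i => $host) {
        $byPref[(int) $weights[$i]][] = rtrim($host, '.');
    }

    // Lowest preference number is tried first.
    ksort($byPref, SORT_NUMERIC);

    $ordered = [];
    foreach ($byPref as $group) {
        // Equal preference: randomise so load is spread across the hosts.
        shuffle($group);
        foreach ($group as $host) {
            $ordered[] = $host;
        }
    }
    return $ordered;
}

// Constructed input order; names and preferences are those in the test note.
$hosts   = ['m1000.dogcraft.de.', 'm100.dogcraft.de.', 'm10.dogcraft.de.', 'm100b.dogcraft.de.'];
$weights = [1000, 100, 10, 100];

// m10 always comes first and m1000 last; m100 and m100b may swap per run.
print_r(orderMxTargets('dogcraft.de', $hosts, $weights));

// A domain with no MX records falls back to the domain itself.
print_r(orderMxTargets('dogcraft.de', [], []));
```

With this ordering a probe reaches a deferring or tarpitting host at the highest preference number only after every better-preferred host has failed.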
Date Modified | Username | Field | Change |
---|---|---|---|
2014-10-29 10:09 | ogelpre | New Issue | |
2014-10-29 10:09 | ogelpre | File Added: mx.patch | |
2014-11-29 13:00 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 055903f9 |
2014-11-29 13:00 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable b9e5bc9e |
2014-11-29 13:08 | BenBE | Reviewed by | => BenBE |
2014-11-29 13:08 | BenBE | Test Instructions | => Test to add a mail on a domain configured similar to the setting in the description. |
2014-11-29 13:08 | BenBE | Note Added: 0005134 | |
2014-11-29 13:08 | BenBE | Assigned To | => NEOatNHNG |
2014-11-29 13:08 | BenBE | Status | new => needs review & testing |
2014-11-29 13:08 | BenBE | Target Version | => 2014 Q4 |
2014-11-29 13:30 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 203289a9 |
2014-11-29 13:30 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 285cd754 |
2014-11-29 13:55 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 21315dae |
2014-11-29 13:55 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 2ccdbb3a |
2014-11-29 14:09 | MartinGummi | Note Added: 0005137 | |
2014-11-29 14:10 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable bdf526bf |
2014-11-29 14:10 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 814306e3 |
2014-11-29 14:10 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 292ac178 |
2014-11-29 14:10 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 6288c98b |
2014-11-29 14:15 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 5ebf2d83 |
2014-11-29 14:15 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 5ea53c50 |
2014-11-30 18:10 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 9244bbfb |
2014-11-30 18:10 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable b388a866 |
2014-11-30 18:10 | BenBE | Source_changeset_attached | => cacert-devel testserver-stable 18e87baf |
2014-12-02 20:26 | felixd | Note Added: 0005143 | |
2014-12-02 20:27 | felixd | Status | needs review & testing => needs review |
2014-12-02 20:35 | MartinGummi | Note Added: 0005146 | |
2014-12-04 16:55 | NEOatNHNG | Reviewed by | BenBE => NEOatNHNG, BenBE |
2014-12-04 16:55 | NEOatNHNG | Note Added: 0005157 | |
2014-12-04 16:55 | NEOatNHNG | Status | needs review => ready to deploy |
2014-12-05 00:26 | NEOatNHNG | Note Added: 0005159 | |
2014-12-05 00:35 | NEOatNHNG | Source_changeset_attached | => cacert-devel release 9e373f97 |
2014-12-05 09:17 | wytze | Note Added: 0005162 | |
2014-12-05 09:17 | wytze | Status | ready to deploy => solved? |
2014-12-05 09:17 | wytze | Fixed in Version | => 2014 Q4 |
2014-12-05 09:17 | wytze | Resolution | open => fixed |
2015-03-10 20:11 | INOPIAE | Status | solved? => closed |