View Issue Details

ID: 0001318
Project: Main CAcert Website
Category: source code
View Status: public
Last Update: 2015-03-10 20:11
Reporter: ogelpre
Assigned To: NEOatNHNG
Priority: high
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Platform: Linux
OS: Gentoo
OS Version: Rolling
Product Version: 2014 Q3
Target Version: 2014 Q4
Fixed in Version: 2014 Q4
Summary: 0001318: E-Mail Probe does not consider mx priorities

Description: I've tried to add a domain, but the system runs into my spam trap, because it does not consider MX priorities. Instead it chooses servers randomly.

Steps To Reproduce: Use a domain with a spamtrap with lowest priority (highest number). For example:

dig +short -t MX cacert-example.uni-beispiel.de
1000 1000.spamtrap.rz-42.de.
10 10.spamtrap.rz-42.de.
100 lounge.rz-42.de.

10.spamtrap.rz-42.de rejects tcp connections
1000.spamtrap.rz-42.de always defers mails (and does tarpitting)
lounge.rz-42.de this is the mail server.

A proper MTA tries from the lowest priority number to the highest.

The CAcert website tries randomly and sometimes runs into the spamtrap and gives up.

Additional Information: A patch is attached.

Tags: No tags attached.

Attached Files
mx.patch (816 bytes)   
--- cacert/includes/general.php	2014-10-28 12:21:30.724020976 +0100
+++ general.php	2014-10-28 12:34:15.754475968 +0100
@@ -537,18 +537,10 @@
 		if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\+\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/" , $email))
 		{
 			list($username,$domain)=explode('@',$email,2);
-			$dom = escapeshellarg($domain);
-			$line = trim(`dig +short MX $dom 2>&1`);
-#echo $email."-$dom-$line-\n";
-#echo `dig +short mx heise.de 2>&1`."-<br>\n";
 
-			$list = explode("\n", $line);
-			foreach($list as $row) {
-				if(!strstr($row, " ")) {
-					continue;
-				}
-				list($pri, $mxhosts[]) = explode(" ", trim($row), 2);
-			}
+            $mxhosts = array();
+            getmxrr($dom,$mxhosts);
+
 			$mxhosts[] = $domain;
 			array_walk($mxhosts, function(&$mx) { $mx = trim($mx, '.'); } );
 
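Review bot: The added call getmxrr($dom,$mxhosts) reads $dom, but this hunk deletes the only visible assignment ($dom = escapeshellarg($domain);), so unless $dom is set outside the shown context the lookup runs on an undefined variable; pass $domain instead. The call also omits getmxrr()'s third argument, so the preference values are never read and nothing in the hunk orders $mxhosts by them, which is the behaviour the report asks for; fetch the weights with getmxrr($domain, $mxhosts, $weights) and sort the hosts by ascending weight before probing. Two smaller points: the unchanged line $mxhosts[] = $domain; still appends the bare domain even when MX records exist, while RFC 5321 section 5.1 treats the domain as an implicit MX only when no MX records are returned, and the new lines are indented with spaces where the surrounding code uses tabs.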
Reviewed by: NEOatNHNG, BenBE

Test Instructions: Test to add a mail on a domain configured similar to the setting in the description.
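
The ordering the report asks for (lowest preference number first, equal preferences in random order, per RFC 5321 section 5.1), as an added PHP example that is not CAcert's code. order_mx_hosts() is a hypothetical helper, and the sample arrays are constructed from the dig output in the description and from the equal-preference test domain in the notes below.

```php
<?php
// Added example, not CAcert code. order_mx_hosts() is a hypothetical helper.

/**
 * Order MX targets the way a sending MTA should try them:
 * ascending preference number, hosts of equal preference in random order.
 * $hosts and $weights are the parallel arrays that getmxrr() fills.
 */
function order_mx_hosts(array $hosts, array $weights, string $domain): array
{
    if (count($hosts) === 0) {
        // No MX records at all: the domain itself is the implicit MX.
        return array(rtrim($domain, '.'));
    }

    // Group the hosts by their preference value.
    $byPref = array();
    foreach ($hosts as $i => $host) {
        $byPref[(int)$weights[$i]][] = rtrim($host, '.');
    }
    ksort($byPref, SORT_NUMERIC);   // lowest preference number first

    $ordered = array();
    foreach ($byPref as $group) {
        shuffle($group);            // spread load across equal-preference hosts
        foreach ($group as $host) {
            $ordered[] = $host;
        }
    }
    return $ordered;
}

// In a live probe the arrays would come from:
//   getmxrr($domain, $hosts, $weights);

// Constructed input 1: the MX set from the description, in dig's output order.
$hosts   = array('1000.spamtrap.rz-42.de.', '10.spamtrap.rz-42.de.', 'lounge.rz-42.de.');
$weights = array(1000, 10, 100);
print_r(order_mx_hosts($hosts, $weights, 'cacert-example.uni-beispiel.de'));

// Constructed input 2: two hosts share preference 100, so their relative
// order may differ between runs while m10 stays first and m1000 stays last.
$hosts   = array('m1000.dogcraft.de', 'm100.dogcraft.de', 'm10.dogcraft.de', 'm100b.dogcraft.de');
$weights = array(1000, 100, 10, 100);
print_r(order_mx_hosts($hosts, $weights, 'dogcraft.de'));
```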

Activities

BenBE

2014-11-29 13:08

updater   ~0005134

Should now conform to RFC 5321 Section 5.1 paragraph 7.

MartinGummi

2014-11-29 14:09

updater   ~0005137

Add a *@gmail.com mail address

debug:

array(5) {
  [0]=>
  string(26) "gmail-smtp-in.l.google.com"
  [1]=>
  string(31) "alt1.gmail-smtp-in.l.google.com"
  [2]=>
  string(31) "alt2.gmail-smtp-in.l.google.com"
  [3]=>
  string(31) "alt4.gmail-smtp-in.l.google.com"
  [4]=>
  string(31) "alt3.gmail-smtp-in.l.google.com"
}
array(5) {
  [0]=>
  int(5)
  [1]=>
  int(10)
  [2]=>
  int(20)
  [3]=>
  int(40)
  [4]=>
  int(30)
}
array(5) {
  [0]=>
  string(26) "gmail-smtp-in.l.google.com"
  [1]=>
  string(31) "alt1.gmail-smtp-in.l.google.com"
  [2]=>
  string(31) "alt2.gmail-smtp-in.l.google.com"
  [3]=>
  string(31) "alt3.gmail-smtp-in.l.google.com"
  [4]=>
  string(31) "alt4.gmail-smtp-in.l.google.com"
}


Test successful

=> OK

felixd

2014-12-02 20:26

updater   ~0005143

Adding an email address of an own domain that has been configured for this testcase:

debug returns:
array(4) {
  [0]=>
  string(15) "m10.dogcraft.de"
  [1]=>
  string(17) "m100b.dogcraft.de"
  [2]=>
  string(16) "m100.dogcraft.de"
  [3]=>
  string(17) "m1000.dogcraft.de"
}
array(4) {
  [0]=>
  int(10)
  [1]=>
  int(100)
  [2]=>
  int(100)
  [3]=>
  int(1000)
}
array(4) {
  [0]=>
  string(15) "m10.dogcraft.de"
  [1]=>
  string(17) "m100b.dogcraft.de"
  [2]=>
  string(16) "m100.dogcraft.de"
  [3]=>
  string(17) "m1000.dogcraft.de"
}

Retrying also shows that the order with numbers 1 and 2 swapped is also possible.

=> OK

MartinGummi

2014-12-02 20:35

updater   ~0005146


array(5) {
  [0]=>
  string(26) "gmail-smtp-in.l.google.com"
  [1]=>
  string(31) "alt2.gmail-smtp-in.l.google.com"
  [2]=>
  string(31) "alt4.gmail-smtp-in.l.google.com"
  [3]=>
  string(31) "alt1.gmail-smtp-in.l.google.com"
  [4]=>
  string(31) "alt3.gmail-smtp-in.l.google.com"
}
array(5) {
  [0]=>
  int(5)
  [1]=>
  int(20)
  [2]=>
  int(40)
  [3]=>
  int(10)
  [4]=>
  int(30)
}
array(5) {
  [0]=>
  string(26) "gmail-smtp-in.l.google.com"
  [1]=>
  string(31) "alt1.gmail-smtp-in.l.google.com"
  [2]=>
  string(31) "alt2.gmail-smtp-in.l.google.com"
  [3]=>
  string(31) "alt3.gmail-smtp-in.l.google.com"
  [4]=>
  string(31) "alt4.gmail-smtp-in.l.google.com"
}

Testing connection to gmail-smtp-in.l.google.com:25 ...
STARTTLS detected ... negotiating
QUIT: 250 2.1.5 Ok

=> OK

NEOatNHNG

2014-12-04 16:55

administrator   ~0005157

Review OK => Ready to deploy

NEOatNHNG

2014-12-05 00:26

administrator   ~0005159

Mail sent to critical admins.

wytze

2014-12-05 09:17

developer   ~0005162

The fix has been installed on the production server on December 5, 2014. See also:
https://lists.cacert.org/wws/arc/cacert-systemlog/2014-12/msg00004.html

Issue History

Date Modified Username Field Change
2014-10-29 10:09 ogelpre New Issue
2014-10-29 10:09 ogelpre File Added: mx.patch
2014-11-29 13:00 BenBE Source_changeset_attached => cacert-devel testserver-stable 055903f9
2014-11-29 13:00 BenBE Source_changeset_attached => cacert-devel testserver-stable b9e5bc9e
2014-11-29 13:08 BenBE Reviewed by => BenBE
2014-11-29 13:08 BenBE Test Instructions => Test to add a mail on a domain configured similar to the setting in the description.
2014-11-29 13:08 BenBE Note Added: 0005134
2014-11-29 13:08 BenBE Assigned To => NEOatNHNG
2014-11-29 13:08 BenBE Status new => needs review & testing
2014-11-29 13:08 BenBE Target Version => 2014 Q4
2014-11-29 13:30 BenBE Source_changeset_attached => cacert-devel testserver-stable 203289a9
2014-11-29 13:30 BenBE Source_changeset_attached => cacert-devel testserver-stable 285cd754
2014-11-29 13:55 BenBE Source_changeset_attached => cacert-devel testserver-stable 21315dae
2014-11-29 13:55 BenBE Source_changeset_attached => cacert-devel testserver-stable 2ccdbb3a
2014-11-29 14:09 MartinGummi Note Added: 0005137
2014-11-29 14:10 BenBE Source_changeset_attached => cacert-devel testserver-stable bdf526bf
2014-11-29 14:10 BenBE Source_changeset_attached => cacert-devel testserver-stable 814306e3
2014-11-29 14:10 BenBE Source_changeset_attached => cacert-devel testserver-stable 292ac178
2014-11-29 14:10 BenBE Source_changeset_attached => cacert-devel testserver-stable 6288c98b
2014-11-29 14:15 BenBE Source_changeset_attached => cacert-devel testserver-stable 5ebf2d83
2014-11-29 14:15 BenBE Source_changeset_attached => cacert-devel testserver-stable 5ea53c50
2014-11-30 18:10 BenBE Source_changeset_attached => cacert-devel testserver-stable 9244bbfb
2014-11-30 18:10 BenBE Source_changeset_attached => cacert-devel testserver-stable b388a866
2014-11-30 18:10 BenBE Source_changeset_attached => cacert-devel testserver-stable 18e87baf
2014-12-02 20:26 felixd Note Added: 0005143
2014-12-02 20:27 felixd Status needs review & testing => needs review
2014-12-02 20:35 MartinGummi Note Added: 0005146
2014-12-04 16:55 NEOatNHNG Reviewed by BenBE => NEOatNHNG, BenBE
2014-12-04 16:55 NEOatNHNG Note Added: 0005157
2014-12-04 16:55 NEOatNHNG Status needs review => ready to deploy
2014-12-05 00:26 NEOatNHNG Note Added: 0005159
2014-12-05 00:35 NEOatNHNG Source_changeset_attached => cacert-devel release 9e373f97
2014-12-05 09:17 wytze Note Added: 0005162
2014-12-05 09:17 wytze Status ready to deploy => solved?
2014-12-05 09:17 wytze Fixed in Version => 2014 Q4
2014-12-05 09:17 wytze Resolution open => fixed
2015-03-10 20:11 INOPIAE Status solved? => closed